back to article Name True, iCloud access false: Exceptional problem locks online storage account, stumps Apple customer service

An iCloud customer says she spent more than six hours on the phone to Apple after being locked out of the service because her name is apparently incompatible with the application code. "Actor, author, artist" Rachel True posted on Twitter about an error with the iCloud application, an unhandled exception with "Type error: …

  1. Yet Another Anonymous coward Silver badge

    Could have been worse

    https://xkcd.com/327/

    1. Frank Bitterlich
      Facepalm

      Re: Could have been worse

      That was my first thought - little_bobby_tables@icloud.com...

      1. Yet Another Anonymous coward Silver badge

        Re: Could have been worse

        ps is there a quick way to format a href field in the comments?

        Was on my phone on transit so couldn't write it manually as normal

        1. sev.monster Silver badge
          Boffin

          Re: Could have been worse

          Just write HTML.

          <a href="https://google.com/little bobby tables">You know how to do that off the top of your head right?</a>

          Oh, looks like our fair vulture's sanitizer doesn't properly escape HTML inside pre tags, so I had to use fancy unicode brackets. They're a bit shouty.

    2. big_D Silver badge

      Re: Could have been worse

      I actually used that, well the nuclear option, DROP DATABASE, when testing an online shop.

      I reported a bunch of SQL Injection vulnerabilities in their shopping system. They weren't interested. I escalated it. Nobody understood... I asked them if they had a backup, they said yes, so I SQL-injected DROP DATABASE as the password. Woomph, the whole test environment ceased to be!

      The management and devs certainly sat up after that eye opening moment. They went back through my report, which listed over 2 dozen instances in the system, where they weren't sanitizing the data. 2 days later, the problem had been removed, and the data restored.

    3. Steve Graham

      Re: Could have been worse

      The original victim seems to be referring to the Bobby Tables strip in her final comment.

    4. This post has been deleted by its author

  2. Mike 137 Silver badge

    "Type error: cannot set value `true` to property `lastName`."

    At first sight, maybe they're passing user input directly into SQL queries - a very common practice despite being idiotically hazardous. Nobody seems to learn.

    1. Graham Dawson Silver badge
      FAIL

      Re: "Type error: cannot set value `true` to property `lastName`."

      From the look of things they're using poorly formatted JSON in their API requests, setting "true" or "false" as a string values instead of a boolean, then "fixing" that by explicitly re-casting any string with the value of "true" or "false" as a boolean value. This is bad for a lot of reasons.

      1. captain veg Silver badge

        Re: "Type error: cannot set value `true` to property `lastName`."

        Indeed. It can't be a JavaScript error because JavaScript does not throw type mismatch errors Obviously.

        -A..

      2. gnasher729 Silver badge

        Re: "Type error: cannot set value `true` to property `lastName`."

        In proper JSON, a customer with named James True would have his name stored like "firstName": "James", "lastName": "True". If it was store incorrectly without quotes, "lastName": True would be invalid JSON, while "lastName": true would be valid JSON with a boolean value as lastName.

        It looks like they have code that expects boolean values in JSON to be stored incorrectly as strings, that is "true" or "false" instead of true and false. If that is the case, and something automatically "corrects" "true" to true, then you would have this problem.

  3. Fursty Ferret

    Importance of capital letters

    Can't help but think that my old primary school teacher (who hated both children and spelling mistakes, but children more) may have had a point when she said that the laziness of phone and web text communication would come back to bite us one day.

    c ya l8tr dudes

    1. NightFox

      Re: Importance of capital letters

      Agree - people who can't even be arsed to press shift when writing their own name, how much pride and effort is that person going to take in anything else they do?

      I used to make a point of whenever somebody bought something off me on eBay who'd entered their entire name, address and postcode completely in lower case, I'd delay sending the item for a day.

      I have however finally come to terms with the fact that my eldest daughter (who's a computer-literate student) insists on Caps Lock On X Caps Lock Off rather than just hold down shift to capitalise a single letter.

      1. FIA Silver badge

        Re: Importance of capital letters

        I used to make a point of whenever somebody bought something off me on eBay who'd entered their entire name, address and postcode completely in lower case, I'd delay sending the item for a day.

        Did you tell them you'd done this?? If you don't tell them, they'll never learn.

      2. zuckzuckgo Silver badge

        Re: Importance of capital letters

        @NightFox

        But capitalized letters in the middle of your name is not a sin?

      3. Anonymous Coward
        Anonymous Coward

        Re: Importance of capital letters

        Clearly a CaPital oFFence

    2. FIA Silver badge

      Re: Importance of capital letters

      Ironically, the opposite may well be the case.

      There are however people who just speak bad, always have been. Always will been.

  4. AMBxx Silver badge
    Facepalm

    My name is

    '; DROP TABLE Users;

    1. itzumee
      Thumb Up

      Re: My name is

      '; DROP TABLE Users;--

      FTFY

  5. Warm Braw

    If Ms True has a problem...

    ... I feel sorry for her NaN.

    1. b0llchit Silver badge
      Coat

      Re: If Ms True has a problem...

      Is that a normalized NaN?

    2. Anonymous Coward
      Angel

      Re: If Ms True has a problem...

      She should temporarily change her name to ↑↑↓↓←→←→BA and take control.

      Yes, I'm old.

      Also. GIGO

    3. Will Godfrey Silver badge
      Happy

      Re: If Ms True has a problem...

      As I've said before. Never provoke a nan - she knows far too much about you.

  6. Brewster's Angle Grinder Silver badge

    Speaking of javascript idiocy. Tescos have some new software on their self service tills. Opt to weigh something and the unladen scales display a weight of "undefinedkg"

    1. Yet Another Anonymous coward Silver badge

      > weight of "undefinedkg"

      That's dumb, it should be a weight of undefinedN, which is at least better then undefinedftlb

      1. Brewster's Angle Grinder Silver badge

        It was indeed the missing "m/s²" after "kg" that I was highlighting.

    2. JimboSmith Silver badge

      Tesco self service tills had another problem a few years ago. Suppose you'd scanned some of your shopping in and wanted to check that the 3 for 2, BOGOF's etc. had been applied. Well you just pressed the "subtotal" on screen button to do this. When you did the machine would reboot. After it happened to me twice I spoke to the manager to point out the issue. She was slightly sceptical and wanted to watch me do a demonstration. So I scanned in a few items and then hit subtotal as normal. Then it rebooted as I'd promised to her utter amazement. I did it again on another till with different items to prove it wasn't just that till etc. She thanked me for bringing it to her attention and said she'd pass it on to head office. Then I had my shopping scanned in at a manned till and some or all of it (can't remember now) free to say thank you. The issue was fixed not long after that.

      1. Stuart Castle Silver badge

        I had something similar in Sainsbury’s. I’d scanned my shopping, hit “pay” and the machine rebooted. Did it again, and the machine rebooted. Thankfully, the supervisor was able to look at what was going on in the system, then go to a manned till, recall my last transaction and let me pay. This was a weeks shopping. I didn’t want to hang around to scan it a third time.

      2. KBeee

        It seems a bit weird that a UK supermarket (even on the shop floor) has better IT support than a multinational "Innovative hardware/softwear" company.

        1. Anonymous Coward
          Anonymous Coward

          Tesco's brought all IT back in house a few years ago, and pretty much all their software is written in house using open source stuff where possible. It seems to mean they can fix stuff much more quickly when bugs are found. I guess they'd had enough of the awful quality and slow turnaround with more off the shelf and consultancy written stuff.

          1. Eclectic Man Silver badge

            CNI

            Tesco, Sainsbury, etc. count as Critical National Infrastructure: we are only 3 sheets of toilet paper* away from riots in the streets.

            So their IT systems which are integrated to ensure that deliveries and ordering are as efficient as possible have to run effectively and robustly. Apple's iCloud, MS Network, Hotmail etc. are not CNI so can, sort of 'afford' to be not so robust, as it is only reputational and financial damage to a commercial organisation that is incurred.

            *Actually I think it was meals, but you get the idea.

      3. A Non e-mouse Silver badge

        Upon visiting Argos one dark and stormy night, I discovered entering one particular product code caused the tablet to crash. The store was quiet and I entered that product code into all the store's tablets.

        (And before anyone complains, the tablets auto-rebooted after a few minutes so the store wasn't stuffed)

        Other than some childish glee, I left the store empty handed.

  7. Anonymous Coward
    Anonymous Coward

    Similar problem

    I once had a client with an internal application where a user told me that the reason they didn't trust the developers is that they just blindly implemented what they were asked for. He illustrated it with a story. His surname was Li, and in common with many organizations, the system used a username scheme of first initial followed by surname. When the application was rolled out he was unable to log in and would be faced with an ugly NullPointerException stack trace in his browser. He raised it with the developers, and 6 months later was told it would be fixed in the next release. After the release, he eagerly entered his username and password, and was presented with a login error page with the error "Username must be at least 4 characters long". The developers had fixed the ugly stack trace, but not the underlying problem that users with three character usernames could not log in.

    1. Yet Another Anonymous coward Silver badge

      Re: Similar problem

      Went to college with an Indonesian girl that only had one name - you don't get a surname until you're married, the offspring of a Sri-Lankan and an Italian who had a double barralled surname that broke both the length limits of any name field and the tongue of anyone attempting to pronounce it and a Korean guy with a 3 x 2 letter names who seemed to treat their ordering totally randomly on different systems.

      Would only have needed Prince in his Artist-Formerly-Known-As days to reduce the college admin to gibbering wrecks

      1. Arthur the cat Silver badge

        Re: Similar problem

        I thoroughly recommend that any programmer who has to deal with names should read this article on Falsehoods Programmers Believe About Names.

      2. Steve Davies 3 Silver badge
        Facepalm

        Re: Similar problem

        Even today, developers fall foul of name/password length limits.

        I've just encountered this with an EV charger. The WiFi SSID password field that you need to use to setup the device is hardcoded to have a max length of 16 characters. My home network has a password that in 32 Hex characters. The WiFi standard allows up to 64 characters.

        Impasse. Luckily I had an old Access Point that I reconfigured to connect the charger.

        Doh!

        1. Anonymous Coward
          Anonymous Coward

          Re: Similar problem

          Once had to deal with a clients app that sent email. I wanted to use a custom SMTP connector on the mail server and set the port to 60025. Didn't work. The vendor had no idea why it wasn't working, but I got the impression most of their clients just used default SMTP port 25.

          After much trial and error, finally worked out that although the field in the apps mail config would accept 5 character input, it would only use 4. Set the port to 6025 and it worked.

          1. PC Paul

            Re: Similar problem

            Dell iDracs still do that: they happily let you set a really long password but only use a certain number of characters from it (20 IIRC).

          2. Nick Ryan Silver badge

            Re: Similar problem

            I had worse... a rather badly coded (OK, very badly coded) and barely stable field management system crapped itself because I insisted on deploying the system using HTTPS only and did not even route incoming HTTP to the web server. Idiot developers couldn't cope with just using the damn URI parts as presented and hard coded bits in, which on an insecure system that allowed HTTP through would work. The suggested that we make our system insecure to allow their poorly coded application to work (not quite their request, but how I reframed it when I denied the request). They then fixed their code but, of course, being low skill coders had embedded crappy third party components into their web application and, guess, what? They couldn't cope with HTTPS either... Numpties.

      3. Eclectic Man Silver badge
        Facepalm

        Re: Similar problem

        When ICL (bonus point if you remember them) developed their mini desktop computer (the DRS if I recall correctly) in the late 1980s, they got a prestigious contract with a German state government. Except the thing kept on crashing when the head entered his job title. Much escalation to board level directors, much gnashing of teeth etc. It seems that the developers had not taken not account the German language love for compound nouns and only allowed a mere 32 characters for the job title field.

        1. Electronics'R'Us
          Thumb Up

          Re: Similar problem

          Ah - German.

          The only language I know of where a single (compounded) word can be a paragraph.

          1. Roger Kynaston

            Re: Similar problem

            Welsh?

            1. Electronics'R'Us
              Devil

              Re: Similar problem

              I think Welsh has the highest consonant density in a language; perhaps the vowels migrated as the corollary to the law of conservation of consonants.

              1. onemark03

                I think Welsh has the highest consonant density in a language;

                So not Polish?

                Just asking

                FTR: I speak neither.

              2. Eclectic Man Silver badge

                Re: Similar problem

                Donald Knuth said that he had real trouble getting TeX to hyphenate the Welsh language correctly.

                1. A Non e-mouse Silver badge
                  Joke

                  Re: Similar problem

                  Probablt 'cause there's no "x" in the Welsh alphabet.

              3. A Non e-mouse Silver badge
                Headmaster

                Re: Similar problem

                In Welsh "y" is a vowel (and I recall that "w" can be at times too). So what might look like a bunch of constanants to a monoglot probably isn't. e.g. The Welsh for "hospital" is "Ysbytwy". No English vowels but plenty of Welsh ones.

                Remember kids, there is more than one language & alphabet out there.

          2. Anonymous Coward
            Anonymous Coward

            Re: Similar problem

            Finnish. The concept is known as agglutination - building complex words by sticking shorter ones together. Railway station is "rautatieasema", literally iron-road-station.

            1. katrinab Silver badge
              Meh

              Re: Similar problem

              It is "stazione ferroviaria" in Italian, which also translates to iron road station.

          3. Anonymous Coward
            Anonymous Coward

            Re: Similar problem

            For some reason about the only German word I can recall from school *cough* years ago is Geschwindigkeitsbeschränkung.

            1. Arthur the cat Silver badge

              Re: Similar problem

              The only German word I remember is Geburtstagsgeschenk.

      4. TDog

        Re: Similar problem

        UK passport office insists that all names must be on a passport. So my son with 39 characters wouldn't fit into their 30 character field. In best tradition of the civil service this was made my problem by phoning me up and asking me to help.

        So his last forename is officially Athe.

        That will screw up automated tracking systems. Particularly if he occasionally changes the order of his forenames. Now would I suggest that?

        1. Anonymous Coward
          Anonymous Coward

          Re: Similar problem

          That's going to cause problems - a friend accidentally put the short version of his name in when booking a flight. Since his ticket said Mike and his passport said Michael he was refused boarding on the return flight. He ended up having to buy a new ticket.

        2. Spacedinvader
          WTF?

          Re: Similar problem

          "So my son with 39 characters"

          Okay, I'll bite. What's the name?

          1. Anonymous Coward
            Anonymous Coward

            Re: Similar problem

            His son just has 39 friends with unusual personalities.

            1. Eclectic Man Silver badge
              Boffin

              Re: Similar problem

              One of the lecturers at Leeds University wrote a very good algebra book: "Rings, Fields and Groups"*, by

              R B J T Allenby (Reginald ... )

              His full name spelled out might just squeeze into 32 characters, but it would be tight.

              * Get the second edition, as it ends with a chapter on Galois Theory. The style challenges you to remember and understand the maths, rather than just let it wash over you.

              1. Ken Moorhouse Silver badge

                Re: Galois

                Brilliant mathematician... not so good with a gun.

      5. Anonymous Coward
        Anonymous Coward

        Re: Similar problem

        Reminds me of Santander's terrible systems. I don't know if they've fixed it now, but when entering street address it asks for a prefix (free text field) and a mandatory suffix from a drop-down. So you can live on Tollington Street, or Tollington Lane, but not just Tollington. As I lived on the latter, whoever entered my details selected Lane as the suffix and all post about my mortgage went to that address round the corner even though the postcodes differed. I saw this quality bit of design in practice when I went into a Santander branch to get the address corrected.

    2. Adelio

      Re: Similar problem

      That is even more true when you contract out development to a sweat shop. They will write literally whatever you spec and hardly ever question what you have told them.

      I ALWAYS question any requirement to make sure i understand what they are trying to do. Not what they say.

    3. hoola Silver badge

      Re: Similar problem

      PlusNet did something really stupid a while back where they changed the password requirements. I don't know when it happened but I fell over this at the beginning of lockdown last March. The Internet router at a small business a occasionally support stopped working and needed restarting. At that point it refused to then log back into the ISP. This was great, limited access, trying to get some people home working.

      Log into the account, WTF, cannot log in "your password is incorrect". Go back and check, no it is not incorrect so now we have no Internet & cannot login to create a call. I phoned business support and they were adamant the password was correct so what the hell was going on?

      Reset the password (of course this now requires access to the business) having had various complex passwords rejected, login to the account. As a test I reset the password with a different combination of the same characters as the "incorrect password" and it will not let you set it. Bloody hell, this is ridiculous. Eventually I find a link that states there are now illegal characters in passwords. What it did not point out was that if you had one of these characters and the router rebooted then it would never log back in again.

      1. gnasher729 Silver badge

        Re: Similar problem

        "Eventually I find a link that states there are now illegal characters in passwords."

        I remember an article two weeks ago that told you you are racist for using the word "illegal characters". It needs to be more inclusive, like "special characters".

        But you're right, that _is_ stupid. The requirements should be checked when a password is created. Once it's created it should stay valid forever, even if it doesn't conform to the current rules.

        1. Ace2 Silver badge

          Re: Similar problem

          I just had the same thing with the Washington Post. A while back it stopped letting me log in; the form would say “invalid password.” I figured out that my throw-away password didn’t meet their new length rules, and it wouldn’t even let me in to change it.

          P.S. I love “drop table witch”

          1. Eclectic Man Silver badge

            Re: Similar problem

            One system I tested had the interesting feature that you could change your password to one that started with a space character " ", but the password field on the logon screen ignored leading spaces...

            Oh what fun we had!

            1. Anonymous Coward
              Anonymous Coward

              Re: Similar problem

              NAB bank only used to use 8 character passwords, but they didn't actually tell you that and the field would accept more. It just silently discarded everything from 9 onwards.

              Only came to light when they finally updated to allow longer passwords and then had to sheepishly ask users who had previously used more than 8 characters to only use the first 8 now.

      2. Claptrap314 Silver badge

        Re: Similar problem

        If a site has a maximum on password strength, assume that it is being stored in the clear. There is literally no other reason I can imaging for doing that.

        If it has "illegal characters", it means that they are executing the string in some environment.

        I trust that you will use this information only for good. I'm pretty sure 80% of script kiddles already know this. I am certain that 100% of active hackers of any color know it.

  8. Kevin McMurtrie Silver badge
    Pirate

    Vulnerability?

    Parsing fields as an untyped object then casting it into the structure later. Nice. I bet people are now testing if they can cause an interesting type of object to be created in the JSON library.

  9. Ken Moorhouse Silver badge

    Spandau Ballet's turn to be prescient...

    Why do I find it hard to write the next line?

    1. Kane
      Joke

      Re: Spandau Ballet's turn to be prescient...

      "Why do I find it hard to write the next line?"

      YOU'RE INDESTRUCTIBLE!

      1. Anonymous Custard
        Joke

        Re: Spandau Ballet's turn to be prescient...

        Gold standard comments, it's true...

        1. Ken Moorhouse Silver badge

          Re: Gold standard comments, it's true...

          That reminds me: Barricade firewalls.

  10. big_D Silver badge
    Facepalm

    Typeless

    That is the problem of using a type-less language to parse input... You have to make doubly sure that you are checking the right thing.

  11. GMD

    Six years ago I made the mistake of trying to make the move from Windows to Apple.

    Booted up the MacBook Pro and it was asking this question and that question. A good friend was with me who has used Mac's for decades and helped me answer the questions as some of the terminology was new to me (no explanations or help available, you are supposed to know it!!).

    We got to one point where it went off to 'Updating iCloud & something else. This will not take long'. Well some 26 minutes later the screen allowed us to move on.

    Then my iPhone started pinging and vibrating My Contacts were randomly increasing sometimes a Contact would be repeated 5 times while other Contacts only twice.

    That was just the start of six months of daily wrestling just to get the machine to boot and join iCloud or some days to even get it to connect wirelessly. The list of woes is very long, which I won't bore you with. None of which Apple were ever able to fix and eventually gave me my money back. I'm still left with iPhone and iPad issues due to their inability to fix their own environment!!

    After 40 years in the Digital Sector I have never experienced such appalling Customer Service.

    So am I surprised to read this article; No.

    1. Eclectic Man Silver badge

      Intuitive

      GMD: "no explanations or help available, you are supposed to know it!!"

      Of course there is no explanation, it's intuitive, innit? It is WTFYSIWYGUIRTFMPEBCAK.

      GMD: "After 40 years in the Digital Sector I have never experienced such appalling Customer Service"

      Not been 'on hold' to MS Visual C++ support much then?

    2. A Non e-mouse Silver badge

      After 40 years in the Digital Sector I have never experienced such appalling Customer Service.

      If you think Apple Customer Service is the worst, you must have had a very sheltered life in IT.

      (I'm not saying Apple Customer Service is great - but it's a heck of a lot better than many other vendors)

  12. FlavioStanchina

    What about her sons?

    Also, she should consider calling her firstborn "Not" and trigger all sort of paradoxes:

    "Who are you?"

    "I'm Not True"

    (universe implodes)

    1. YetAnotherLocksmith Silver badge

      Re: What about her sons?

      Underrated comment, that.

      1. Roger Kynaston

        Re: What about her sons?

        A friend of my Brother was called Iain T (I'll leave the surname to protect the guilty). He would answer the phone I ain't speaking. Childish I know but then what do you do in Sidney BC in the late seventies and early eighties?

  13. General Purpose

    Homer did it first

    (about 2700 years ago, maybe more)

    Odysseus: My name is Nobody.

    Cyclops: Nobody has blinded me!

    Other cyclopses: The emergency number is for actual emergencies.

    1. Eclectic Man Silver badge

      Re: Homer did it first

      I believe the cyclops in question was Polyphemus.

      And Jules Verne copied the idea in '20,000 Leagues Under the Sea' with Captain Nemo*.

      *Latin for No Man, definitely NOT a clown fish.

  14. Anonymous Coward
    Anonymous Coward

    My real name is Java Lang NullPointerException and I tell you it causes no end of problems on support tickets I raise.

  15. TeeCee Gold badge

    Help via Soshal Meejah.

    Many moons gone, I did the old skool version of that.

    I used to hang around on a list server (think Tw@ter, only without the bullshit and arseholes) dedicated to IBM midrange stuff. After a while we started to see some very odd messages about attempting to traverse the wormhole and such (yes, DS9 was current then). Turned out that the IBM Rochester AS/400 development team had aquired an internet connection, had found our friendly list server and were attempting to get access through their firewalls. They succeeded.

    A while later I ran into an odd comms problem on the AS/400. Hardly surprising, doing weird things with midrange comms was my thing at the time and this was a very early version of OS/400, but this was throwing errors that, in theory, didn't exist. I chucked the details at the list to see if anyone bit. I got a quick reply from one of the IBM lads saying that he'd written the microcode for the x86 processor on the comms controller card and I'd just found the bug in it. Anyhow, if I waited a couple of weeks and asked for PTF number nnnn, it would fix the problem. This led to the following exchange with IBM Software Services South in Basingstoke:

    Me: "I need PTFnnnn."

    IBM: "That's not the way it works. You describe the problem, I feed it into the system and it suggests possible fixes, if there are any."

    Me: "OK" (detailed problem description with relevant SNA sense data).

    IBM: "Ah. Right. Yes there is a fix for that......what was that number you said?"

    Me: "nnnn".

    IBM: "Yes, that's the one.....hang on.....you said you were TeeCee?"

    Me: "Yes".

    IBM: "The customer number you gave me is for XYZ company though."

    Me: "Yes, that's us."

    IBM: "Could you tell me why your name is down as the requestor for an internal development fix from IBM Rochester?".

    Me: "Yes, but I'm not going to."

POST COMMENT House rules

Not a member of The Register? Create a new account here.

  • Enter your comment

  • Add an icon

Anonymous cowards cannot choose their icon

Other stories you might like