June 17, 2009, 12:39 PM — Writing buggy applications is a cinch--for decades, the world's software developers have been proving that with just about every program they release. Truly interesting bugs, however, are a relatively rare breed. I'm talking about the kind that cause technology products and services to stop working for extended periods, or that prompt them to behave as if they were possessed or harbored grudges against the humans who use them. And even though the bugs themselves usually stem from mundane errors such as typos or faulty math, their symptoms are anything but boring.
For this story, I rounded up nine truly peculiar bugs that bedeviled customers of some of the largest providers of software and services on the planet. (I didn't cover ones with catastrophic side effects such as explosions or the death of human beings; Simson Garfinkel discusses some of those in this creepy good read at Wired.com. Of course, when it comes to bugs, Windows occupies a category of its own, as you'll see in "The Worst Windows Flaws of the Past Decade." And sometimes the problem isn't a mistake so much as a really bad idea from the beginning; see "The 25 Worst Tech Products of All Time" and "The 10 Dumbest Tech Products So Far.")
I began my research intending to cover the whole PC era, but I quickly discovered that most of the strangest bugs have appeared in recent years. As a matter of fact, the three wackiest ones in my list--involving Google's Android OS, Microsoft's Zune, and Google itself--all cropped up in just the past few months. I'm not sure if software is getting buggier, but I am pretty certain that bugs are getting weirder.
Our first bug, however, dates from a simpler time. One in which it didn't occur to software companies to do things like encrypt intensely sensitive information...
1995: Many Unhappy Returns
The bizarre symptom: Intuit's MacInTax (a program later replaced by TurboTax) was designed to let Mac users file their taxes. But the version for the 1994 tax season had another feature, discovered by one taxpayer: It allowed any customer with a little telecommunications knowledge to dial in to a computer where 60,000 tax returns sat unprotected. Once in, a user could view any return, make changes, or simply erase the return entirely.
The bug: MacInTax was bundled with a debug utility intended to help customers diagnose modem problems. The utility dialed in to a server operated by an Intuit subcontractor. The utility used an account name and password that weren't encrypted or otherwise obscured, and that granted anyone who stumbled across them complete access to MacInTax users' data. Intuit called the glitch "an oversight"--no kidding!--and apologized. The company offered to pay any penalties suffered by anyone whose return encountered problems as a consequence.
1998: Auction Interruptus
The bizarre symptom: On June 10, eBay--then, as now, the world's dominant online auction site--suffered an outage. Nothing remarkable about that: Throughout the late 1990s, the company's sellers and bidders frequently faced unscheduled downtime. But this outage just kept going and going. By the time the site recovered on June 11, 22 hours had passed and 2.3 million auctions in progress were compromised, forcing eBay to waive a small fortune in fees.
The bug: eBay blamed the meltdown on a corrupted database, and it blamed the corrupted database on buggy Sun Microsystems software. Fourteen months later, the site had a 14-hour outage that was nearly as embarrassing and costly; that time, the company said that hardware problems were to blame.
2005: Surprise Ending
The bizarre symptom: Did you ever suspect that TiVo's mascot--a tiny anthropomorphic TV with a lopsided grin--has a sadistic side? You might have if you owned one of the company's DVRs back in late 2005. That was when couch potatoes began to notice that their TiVos were randomly chopping large chunks off the end of shows, turning many a program with a suspenseful conclusion into a permanent cliffhanger.
The bug: The company took a while to respond, but eventually it concluded that the truncated recordings affected only Series 2 TiVos that had been running continuously for extended periods. Initially it advised owners to power their DVRs off and then on again occasionally, and later it issued a patch designed to eradicate the problem permanently.
2006: Game Over
The bizarre symptom: You could say that Bubble Bobble Revolution, a Nintendo DS remake of the 1980s arcade classic Bubble Bobble, was a surprisingly tough game. Level 30, for instance, was unbeatable--literally. That was a trifle odd given that the game boasted a total of 100 levels.
The bug: As in many arcade-style games, Bubble Bobble Revolution levels ended by challenging the player to defeat an überenemy, known as a boss. But level 30 had no boss to defeat, and therefore no way to continue to level 31. Months later, publisher Codemasters replaced defective cartridges with a debugged version--and threw in another game, Rainbow Islands Revolution, by way of apology.
2007: Skype Down and Out
The bizarre symptom: On August 16, fans of the wildly popular Skype Internet telephony service noticed that Skype wasn't working properly. It wasn't a brief hiccup, either. For most of its millions of users, Skype stayed out of commission for two days--possibly the longest outage ever for any major Web service.
The bug: Throughout the blackout, Skype employees blogged frequently and openly about their attempts to put things right again. But it was only after they managed to restore service that they explained what had happened: Microsoft's Windows Update had patched the PCs of vast numbers of Skype users all at once, forcing their computers to reboot. Once all those PCs restarted, they tried to log in to Skype simultaneously. In theory the service shouldn't have been fazed, but the mass connection attempts revealed a debilitating bug in its resource-allocation algorithm. In a follow-up post, the company said it didn't blame Microsoft. But given that the Windows Update patches that triggered the problem were designed to fix Windows bugs, the saga remains a fascinating example of how exterminating bugs can be as dangerous as leaving them alone.
2007: Pirates, Pirates Everywhere
The bizarre symptom: Microsoft's Windows Genuine Advantage copy-protection technology is designed to pester software thieves by denying them software updates, nagging them to pay up, and disabling cool features. But on August 26, WGA started randomly harrassing folks who had forked over money for their copies of Windows. For 19 hours, it essentially lost its ability to tell a paying customer from a pirate.
The bug: In a post-recovery blog article, Microsoft's Alex Kochis said the company had accidentally sent preproduction code to WGA servers that authenticated copies of Windows as genuine. The preproduction code assumed the presence of software that provided extra-strong encryption of Windows license codes, but that software hadn't been rolled out yet. The cocktail of beta code and unreleased software proved poisonous, and WGA began rejecting legitimate Windows licenses as fakes. It wasn't the only time that WGA misbehaved, but it was unquestionably the technology's low point. Possibly as a response, Microsoft has since made WGA less punitive. (It also recently renamed the function Windows Activation Technologies.)
2008: Easier Than <Ctrl>-<Alt>-<Del>
The bizarre symptom: When the T-Mobile G1, the first phone based on Google's Android OS, arrived in the fall, users soon discovered that if you typed "reboot" on its tiny keyboard, the phone would, indeed, reboot. It sounds like a benefit, not a bug--except that it happened in every Android application in any context, even if you were simply dashing off an e-mail to your grandma advising her to reboot her PC after installing new software.
The bug: Android, which is based on Linux, shipped with a geeky feature designed to let programmers log in with the highest privileges and issue command-line instructions to the phone from remote devices. Unfortunately the feature was so buggy that the phone always accepted the commands, regardless of privilege level. And if no remote device was found, it simply executed commands that it noticed being typed on the keyboard at any time. Beyond the undesired reboots, the flaw opened a security hole of potentially massive proportions; Google admitted as much when it patched Android to eliminate the flaw.
2008: The Day the Zunes Stood Still
The bizarre symptom: You gotta feel sorry for Zune owners. Not only is their MP3 player of choice a synonym for "yet another unsuccessful Microsoft attempt to be cool," but on December 31, everyone who owned models with 30GB hard drives discovered that their players were spontaneously rebooting and then freezing when the owners tried to restart them. It was as if someone had booby-trapped the world's supply of 30GB Zunes to prevent them from making it into 2009.
The bug: Leap years may have been around since Julius Caesar invented them in 45 B.C., but software developers still don't seem to understand them. The Zunes refused to start up because of an error in the way the devices dealt with leap years--one of many examples of software having trouble with the concept of a year with an extra day. Fortunately, the fix was simple: Rebooting Zunes on January 1 brought them back to life. Kind of a drag for anybody who had been planning to use one to liven up a New Year's Eve party, though.
2009: Malware Everywhere
The bizarre symptom: Ever do a search on Google and notice that one of the listings in the results is accompanied by a warning that Google believes it may be laden with malware? If you Googled bright and early on January 31, you might have. For 55 minutes that morning, Google results flagged every site as hazardous to your PC. That's every site as in the whole darn Internet, including all of Google's own sites and services.
The bug: As Google's Marissa Mayer explained in a blog post, the malware-detection feature identifies dangerous sites by looking them up on a list of known offenders. On the morning of January 31, an update to that list accidentally included a slash ("/"). All URLs include a slash, and the antimalware feature interpreted the slash as meaning that all URLs were suspect, and therefore it blithely attached warnings to every site that surfaced in results. Many software errors stem from typos, but it's rare to see one so simple have results so sweeping and strange.
Former PC World editor in chief Harry McCracken now blogs at Technologizer.