There is no reason to autocorrect a QR code scan. QR codes come with built-in error correction, so there’s a vanishingly small chance of a successfully-scanned QR code containing an error. It seems like Camera here might be treating QR code URLs as manually entered URLs or OCRed URLs and applying autocorrection logic.
...and if the blocks did happened to be misread in a way that deceived the autocorrection, it would be an entirely different string and not something fixable on string level. Single char differences in qr code input tend to be huge. This can only be explained by the QR result getting passed through a pipeline intended for OCR results. An almost depressingly boring explanation. It kind of seems like something that would likely happen in big organisations from disconnect between those deciding and those with their fingers in the code, but it could also happen to a solo.
It is more likely trying to autocorrect the url entred during the QR code creation process. Which is stupid. Don't people usually test their QR codes after printing?
So far, I've been able to reproduce a few transformations:
* www[0-9].example.tld -> [0-9].example.tld,
e.g. www1.nyc.gov -> 1.nyc.gov
* example[ac|co|gov|edu].tld -> example.[ac|co|gov|edu].tld
e.g. exampleac.uk -> example.ac.uk
My guess, as someone else further down the comments mentioned, is that some URL handling library is doing more than expected to its input. I filed an internal bug report referencing some of the public reports from a dev build of Android 12, so hopefully this will get triaged soon if someone hasn't already done a similar reproduction.
(I work at Google, but on nothing remotely related to Android.)
Thanks for confirming the report. I'm curious - if you hand-wrote a URL on a piece of paper (or printed it out from a printer/displayed it on a different screen), and then scanned it with the camera, would the camera pick it up? Would the camera corrupt the URL?
Interesting question! However the OCR functionality in the camera (through Google Lens) runs a separate pipeline. Other bug reporters said Lens didn't have the issue when scanning QR codes so I doubt it would surface there.
Sigh. There is literally nothing I like about the changes in Android 12 versus 11. This seems like yet another shoe-horning in of "cleverness" when it wasn't invited and in this case appears to be outright broken.
After disabling every single assistant or enrichment option I could find, Android is still putting auto-reply prompts into any notification that has a reply button. GO AWAY!
The "material you" redesign is just such a ridiculous waste of space, too. They changed all the things that worked just fine. But I guess a feature-complete operating system must still receive a major update every time the planet completes a lap around its star because the marketing department said so?
Google seems to LOVE taking a working, great product everyone enjoys, and mutilating it to make everyone miserable. There are many examples. And I know at least one person who updated their phone to android 12 and found it so off-putting they downgraded back to 11 (thankfully you can do that). I just stay on 11 to begin with.
The best feature from Android 12 is being able to update quick setting within the status bar. But that was a feature from Android 9 or 10 that they removed in Android 11.
I don't understand what's going on in Google's mobile division. Android 12 is filled with bugs that aren't fixed months after release. The Pixel 6 came with a terrible fingerprint scanner. They released a completely botched update for the Pixel 6 that broke basic cellular connectivity, and it took more than a month for a fix. Feels like this part of the business isn't a priority for them anymore.
I’ve always read that Google’s internal incentives discourage maintenance and encourage novelty, and that this is why from the outside google is just an endless churn of product redesigns and replacements.
I have a pixel 6 pro, the assistant immediately crashes if I try to use it. Has been like that for months. One would think google would prioritise that feature for bug fixes.
It is so terrible. The UX is infinitely worse, not just the aesthetics of the huge bubbly corners, but also the menu systems and the pull-down notifications.
And honesty, it seems significantly buggier. My wife and daughter have noticed it on their phones as well. The keyboard frequently disappears while texting, and you can't get it back without exiting the program. Things freeze for longer.
I loathe the fact that I can't click the left hand side system clock anymore and immediately be sent to the clock app. Why this was removed I just can't understand.
Even if users were misclicking, I'd settle for a long press instead.
If I knew Android 12 would be this ugly and annoying I wouldn't have installed the update. What bothers me the most is that I can't opt out of the Material You UI, and it's barely customizable.
I used to be pissed off due to lack of updates on Java support, however NDK does all I care about even though it is quite clunky, and WebGL/WebAssembly are quite good.
So I just stop caring about Android updates beyond watching a couple of Google IO talks.
There is absolutly nothing on the newer versions that makes me think "oh I need a new phone".
I've got to agree with you. I feel like my experience with phones over the last decade has been thrashing between Android and iPhone when I'm finally fed up with one enough to go back to the other. I still miss my Windows phone despite the lack of many apps.
Perfect case of optimization where no optimization is needed. A developer encodes a URL, a user scans it. What is the rate of errors in this scenario? Is it really large enough to warrant "fixing" the end result in any way?
I think I've seen some ex-Googler rant from few years back that performances are measured by impacts, excitements, endorsements rather than objective engineering measures, which he claims overvalues destructive product launches and undervalues necessary maintenance or improvements. I long lost the pointer to the rant but that has been very consistent with my user side experiences.
This change destructs obsolete QR Code reading feature[that needed no change], is impactful[in negative sense], and fixes erroneous URLs[as if there are many]. If you drop negative expressions in brackets it fits a lot of bills.
Technically speaking, adding a period at the end of a URL is valid in that it implicitly exists for all URLs in the context of DNS. Your browser doesn't care however and while not exactly niche, I don't think it's widely known either. Funnily enough, typing a URL" "correctly" such as https://amazon.com. (make sure to include the trailing dot!) can actually cause some load balancers to freak out and serve no or even garbled content! It's pretty neat and this is definitely a tangent. Either way, you don't want your camera mucking with the contents of a QR code
> Technically speaking, adding a period at the end of a URL is valid in that it implicitly exists for all URLs in the context of DNS.
I think your are confusing the role of a trailing dot in the DNS[1] system with the role of a host element in a URI[2].
So, technically speaking, adding a period at the end of a URL is really not OK because `https://example.com/index.html` and `https://example.com/index.html.` are different resources. (note that HN's URL linking logic omits the trailing dot.)
> The rightmost domain label of a fully qualified domain name in DNS may be followed by a single "." and should be if it is necessary to distinguish between the complete domain name and some local domain.
but there is no reason to expect that adding a period at the end of any old URI is going to work.
Although it is valid in DNS, it is not valid in the TLS SNI. If you tell the remote server you wanted some.name.example. with that extra dot at the end that's an error and it should tell you to go away.
All the names in SNI should be real names and not some locally qualified name, the alternative would be confusing because these are identities and so it doesn't mean anything to have proof you're really "testserver4" we want to know whether you're really "testserver4.mycorp.example" or not.
“testserver4.mycorp.example” (no trailing dot) is not fully-qualified and as such could refer to any number of things of differing identities, e.g. “testserver4.mycorp.example.atthomenetwork.com”.
On the other hand, “testserver4.mycorp.example.” (trailing dot) is fully-qualified and is not an ambiguous identity.
> “testserver4.mycorp.example” (no trailing dot) is not fully-qualified and as such could refer to any number of things of differing identities, e.g. “testserver4.mycorp.example.atthomenetwork.com”.
Whether a domain is fully qualified depends on the application. There's no universal syntax. The trailing dot is merely an interface convention followed by some applications to allow the user to indicate that the domain name is complete. It's only useful for applications that don't always deal with fully qualified domains, and perhaps ones that deal with top level domains.
User interfaces MAY provide a method for users to enter
abbreviations for commonly-used names. [..]
If an abbreviation method is provided, then:
(a) There MUST be some convention for denoting that a name
is already complete, so that the abbreviation method(s)
are suppressed. A trailing dot is the usual method.
If you add trailing dots where the dns root would be implied anyway, this could be regarded as an "over-qualified" name. It is considered an error. For example in SMTP. RFC1123 5.2.18 Common Address Formatting Errors:
o Some systems over-qualify domain names by adding a
trailing dot to some or all domain names in addresses or
message-ids. This violates RFC-822 syntax.
RFC822 says "The root node is common to all addresses; consequently, it is not referenced."
Since SNI always uses fully qualified domain names, there is no purpose to having a trailing dot.
Right, so under your approach they need to add a dot, every single time. This wastes a byte during the handshake, in order to transport the dot which you've decided must be there. Whereas the approach they actually shipped does not waste that byte.
If it makes you more comfortable pretend it's an amazing "compression scheme" where they omit that extra byte with a dot in it to save space.
See also IEEE 754 floating point where that first 1 in your binary floating point number is omitted entirely because it's implied and so writing it into the 32-bit value anyway would waste an entire order of magnitude.
The comment to which I was replying said "the end of the URL". Adding the period at the end of the domain name is not the same as adding it at the end of the URL. I responded to what was actually said.
Nginx and Apache handle this just fine, as does Google's, Microsoft's and Facebook's infra.
It's only hipster services such as traefik and caddy that can't handle this. There's a long standing bug on the caddy bugtracker for this, which got closed as wontfix: working as intended.
That's really unfortunate, the trailing dot indicates that it is a fully qualified domain name and I've used this when writing tests, for example, to ensure that a hostname either resolves to some internally served DNS label _or none at all_.
Or when you're writing a thumbnail generator bot that's supposed to generate previews of webpages, but you want to ensure domains aren't resolved relative to your local search domain.
The "fix" seems to be modifying the client you use to trim suffixed dots from the Host header and SNI. But it'd be much simpler if Caddy & Traefik would juat comply with the standards.
See, now I have to wonder if you put 'all_.' as full stop to your written sentence, or as part of a FQ pseudo code in online forum style with no grammatical punctuation. AHHHH!!!
My QA found this out recently - he'd accidentally typed a . at the end of the URL for one of our test servers which ended up breaking CORS - it certainly took us a while to figure that one out.
It's not period at the end, article claims it modifies domain names and subdomains, e.g. www2.example.edu into www.2.examp.le.edu, supposedly when it could match `www` or a second level domain.
The Pixel 3 particularly has been mangled by updates. Someone previously mentioned something along the lines of: if a company bundles security issues and UI changes together, they don't actually care about security, they're just using it as a stick to keep you on the planned obsolescence treadmill. It doesn't even have to be intentional acts to degrade a phone, just make each patch consume more resources (under the auspices of "feature development") and you'll eventually strangle out any old devices once they're not powerful enough to run. Meanwhile, my phone app on my pixel has gotten increasingly buggy and unstable, sometimes breaking outright, over the years.
Looks like it is hooking up AI-powered suggestions to something that doesn't need it.
One super-annoying thing I hit often: the Contacts app on a Samsung phone suggests autocompletes of phone numbers in the edit/add contact flow. Do I now need to explain to stupid computer that I am entering a new number that it does not yet know, ffs?
I mean, seriously, something deep in the OS just sees "oh a phone number goes here? Let me supply one from Contacts...". It's trying to be smart, but in a completely oblivious and counter productive way. It's been like that for years. Does no one use these apps?
Along those lines a friend was complaining about Samsung's contacts app search results.
I took a look and soon deduced it was searching on "sounds like" rather than the actual string, so an exact match is way down the list of partial matches that sound like the search string.
It is madness, like Google refusing to do exact matches only worse.
You touched on the reason I refuse to buy Samsung phones. In fact I'm mystified as to why Samsung devices remain so popular. When my wife and I were engaged she had one of the early Galaxy devices and it was awful.
You don't get the stock File Manager, you get the Samsung File Manager. The window manager is the Samsung Window Manager, or Launcher, or whatever. Hers even had a rebranded browser called "Internet", if I recall correctly.
All those Samsung-specific apps are (or at least were) objectively worse than the stock Android alternatives.
When was the last time you tried a Samsung device? They've continued to improve on everything. Most Samsung users tend to agree that Samsung's first party apps are now better than the stock Android ones: Samsung browser, notes, health app, etc. The One UI interface is clean and much more consistent from version to version than whatever "flavor of the month" Google is doing with stock Android.
I will agree that in the era you last saw it, it was awful.
Internet is heavily optimized, compared to Chrome or Firefox. It feels much faster in usage, and consumes much lesser battery. It has a lot of features too, so that is a plus. Oh, and they understand the advantage of a consistent, stable UI. Things don't move around for no reason from update to update. I love the reliability that provides.
I have exclusively used it for years, can't say that I've heard of any vulnerabilities that affect only Internet.
PS: funny that people are bashing Samsung on a thread with a silly Google bug. This is exactly the sort of thing that never breaks on Samsung devices. QR codes have been a solved problem for years. If Google cannot avoid breakage here, wonder what critical infra they keep breaking without us knowing.
I don't even think it's installed by default anymore either. It's not on my Galaxy Tab S6 Lite, Chrome was installed by default although it was pre-installed on my slightly older A51. It's basically just Chromium with a few tweaks.
They do have some very nice tweaks to Android. You can put apps in floating windows if you want or by hands, quarters whatever. You can even change the opacity of windows which is nice for using a photo as reference image while drawing for example. Dex has been handy a few times too.
Samsung browser is, of course, based on Chromium and it's full of additional privacy protections, support for ad blockers, a private browsing mode that's better than most other browsers (desktop or mobile) that I've tried. And you can have actual browser tabs if you want.
Firefox is my desktop browser and it was also my mobile browser until Mozilla dumbed it down to the point of being useless.
I have a Samsung Tablet and the Firefox experience used to be identical to my desktop experience. All the plugins worked and even synced from the desktop. It was beautiful. Now it's the same or worse than every other mobile browser.
It's fine but it's no longer interesting enough for me to use.
> In fact I'm mystified as to why Samsung devices remain so popular.
What's the alternative? They're pretty much the last premium android manufacturer left. (I would've maybe switched to a Pixel if they hadn't removed the headphone jack)
> All those Samsung-specific apps are (or at least were) objectively worse than the stock Android alternatives.
That's a very strong claim. I'm not a big fan of the Samsung apps (and I'd prefer if they focused on the hardware and supplied stock android), but they often have new features ahead of mainline Android.
That their engineers and managers still to this day prefer to write their own apps instead is using stock or close to stock tells me they haven't learned from that mistake.
> That their engineers and managers still to this day prefer to write their own apps instead is using stock or close to stock tells me they haven't learned from that mistake.
What do you suggest they do when trying to sell in markets where Google apps are not available?
I think it's because Google started tightening the controls on their platform in order to make it more homogeneous like Apple. I think you can't legally say your phone is Android unless you conform to some Google terms. I suppose Samsung's own apps and store are insurance against such an eventuality.
Not that this excuses the low quality of their software. It's in all likelihood filled with spyware too. At least the hardware is good and has good support for custom software.
I go with Samsung because their flagship phones are powerful and tend to last me a few years at least. They make great screens and hardware. Their OS can be hit or miss but often they make solid updates outside of Android. One of my old favorites was samsung pay where you could pay using a simulated magnetic swipe of a credit card. They took out the feature once everyone went to chip, but it made samsung pay work literally anywhere that had a credit card swipe reader. Their phone switching migration tool was leagues better than Google's though I'm not sure if that's the case in 2021. They put out the biggest batteries of all flagship Android phones. There's a lot left to be desired in Samsung Androids including their flagrant use of ads in places where there shouldn't be ads, but they're a fantastic Android phone otherwise.
It's usually easy to install the stock apps instead, but the Samsung ones often do have advantages. Eg scrolling screenshots was a recent highlight of an Android update but Samsung has had it for years.
At least a time ago it did not work. No new pictures was shown in Google Photos behind a Firewall. To see the new pictures you had to turn on the Flight Mode. I never used / tryed Google Photos again since then, so I don't know about now.
The contacts situation from everyone is abysmal, only really good for light personal use. As soon as you are trying to keep your contacts organised or light work use everything turns to shit
I hate it when an app assumes I'm an idiot producing typos half the time, and fighting the autocorrect then wastes more time than it could ever save. Just implement undo and leave me alone.
iOS autocorrect is rapidly approaching the point where it is more of a hindrance than a help. I'm really shocked at the decline over the last couple of years, the most frequent issue is that it appears to be looking at the context, incorrectly understanding it and flipping it's/its, well/we'll, ill/I'll. It is insistent too, so if you hit delete a couple of times and re-type what you wrote it'll perform the same transformation.
It's so bad that I installed Gboard instead recently (never was an Android fan, but used it for a while). But I'm not sure if it's better, e.g. typing code snippets on it is pain.
And there is a little detail in this that I'm questioning my sanity sometimes. The "fact" is that maybe iOS changed the detection point of a tap at some old release, because I was able to type perfectly on iOS 4..6, but then with 7 suddenly started to make typos everywhere. On Gboard now I can't type few words without making a mistake in every one of them. As if it was made to show me that I'm unable to type and need it so bad.
Hasn't it been said before that it is inevitable in a company with 100K+ employees that to get noticed and promoted, it is not acceptable to accept what you already have is decent enough, you have to think of something new and then convince everyone that they haven't lived until the camera corrects your URLs for you?
There is an amount of vanity in a company having mad numbers of employees seemingly unecessarily but who is the person who decides that we can cut 5000 jobs and split the work up between the other people you already have? The CEO? Why bother? You have bucket loads of cash so the status quo is easier any maybe once in a blue moon, someone actually comes up with something really clever.
Same company that has an assistant that suggest one should call the boss at 0400 instead of opening the audio book one was started yesterday or even opening HN as I use to do while I enjoy my first cup of coffee in the morning.
Same company that thinks a married man with small kids needs to se ads for shady dating sites and hardly any other ad for 10 years. These days it is somewhat more varied but with a heavy dose of pay-to-win war games with female protagonists who can barely fit their b00bs inside the uniform.
Same company that mangles my searches, doing these kind of "corrections" transparently with no working way to opt out.
Why why why try to insult my intelligence and my wife at the same time?
I'm not in a position to short anything meaningful for 5 years but the thought has struck me.
I would be happy if the google lens on my Pixel 5a would actually scan the QR code instead of just giving me google image results for similar pictures.
By not having test cases for those specific domains, and by passing your input through some general purpose internal URL handling library that does more than you thought it did [1]. Neither is (very) surprising.
Ages ago, while debugging some zxing oddness I came across a routine in there called 'isProbabllyURL' which was mangling some of my non-URL data into URLs. It was keyed off of a '.' in the decoded text, like basically a regex of /\w+\.\w+/
To see Google have what appears to be a regex 101 bug in parsing the string, along with making the classic programmer error of making fundimental assumptions based only on their own context .... frankly doesn't surprise me.
Google's software has long since started to be hit and miss for me. It has almost become as bad as Microsoft in that regard.
I have lost count of how often I am suggested to change my email's TLD from its proper Icelandic ending .is to .it or .io. To be fair, this is not Google related but universal.
If you dear reader do not do anything else today then to read up on the many falsehoods[0] we as humans can fall into (that then infects our software solutions) it would be a day well spent.
That's a bit unfair, seeing as millions of people use Android every day.
That said, I find that my Samsung S8 has got progressively slower to start apps, particularly, and in that time, nothing else has noticeably changed. I understand obsolete hardware when a load of bells and whistles are added and the old hardware can't do it but I can't see anything noticeably different from 10 years ago.
On the other hand, I can also understand why people don't want to support 10 year old operating systems, which is why I had to bin my perfectly working Macbook Pro once it wasn't allowed to update the OS any more.
What a horrible response by the dev investigator. The thread has all the info you need: the QR scanning functionality truncates TLDs to 2 characters. And provides a list of a dozen examples.
The dev replies with "hi, thanks for the bug report, please provide a memory dump and a screen recording." How about they just try it out? Do they not have phones?
That's probably what they're incentivised to do. Chances are that "clearing" a dozen bugs that amount to "I am a fool and pressed A when I meant B, but I raised a ticket about it" is worth far more to an L1 queue monkey than correctly diagnosing a real bug that should have been caught during QA by somebody way up the ladder, and can be done quicker too.
Also, you ask if they don't "have phones" but to see this they need Android 12, if you bought a new high-end Android phone it might have Android 12. If you bought one last year, maybe it's qualified to upgrade to Android 12 but clearly this brings some bugs as illustrated. If your phone was not top of the line and you bought it say, before the pandemic, chances are you can't run Android 12 at least not today and perhaps ever.
Now, L1 support monkeys aren't flipping burgers or cleaning hotel rooms, I'm sure they do own phones, but there's no reason they own a good phone on whatever they're earning and if they do maybe it's an iPhone, which of course can't run Android 12.
That's when I tell them I'm dumping their product.
Seriously. I sit on the other side of this a lot of the time, and bullshit like this makes everyone's troubleshooting harder. I'm happy to work with someone to troubleshoot a problem, but blindly ask me to waste my time, and I'll usually walk away. Someone else can dance for your pleasure.
I have gotten a lot shorter with this sort of thing, but that's because I've been burned being patient. Push all the effort and costs on to me and you won't have me as a customer.
Makes sense. Google goes to incredible lengths to avoid having one person do a job well, when a microservices-based machine-learning hyperscale blockamothing can do it incredibly poorly.
I get it's a canned message, but surely part of that external triage would be "is there enough info here that we could reasonably just assign this to an intern to try out before needing to even ask for a crash dump [and insert corresponding "we're looking into it" message]." Unless it's a purposeful barrier to entry, which I also cynically understand.
Par for the course for Google's "issue tracker". Bugs get ignored in triage for years, Google doesn't take external patches for Android, issues are left without update or closed because they did not respond.
I assumed it was a developer because in my experience with issue trackers, it's always been developers who get assigned to fix things. And this looks more like an issue tracker than a tier 1 support site. But if that's the case, my point stands - it was the wrong canned response for the support representative to use.
I can't tell one way or the other from that interface the roles of all involved. But I'm not sure it matters.
Sure. And that process is stupid in that case, and should be called stupid. If Google refuses to create a bug report themselves even though the issue is clearly described, then they can get lost.
We both saw a request for more information met with the reply of "get over yourself," but we came to different conclusions about whose response was horrible.
If I describe an issue exactly and the company goes "yeah that's great, can you just do all these extra steps for us first before we can even accept a bug report" then sorry, I'm not going to. Your loss.
To be fair to me, I actually stopped reading when I got to the support response, and came here to post. So it's comforting that the bug reporter independently arrived at the same frustration.
Thanks, I wasn't sure which link I should post. I read the German version on heise: https://www.heise.de/hintergrund/Googles-Kamera-verfaelscht-.... But a German article doesn't really fit here. So I thought the original source might be good, didn't realize it was behind a Google login, since I was logged in already.
The camera app in Google Pixels running Android 12 tries to "fix" some URLs encoded QR codes, resulting in wrong URLs being shown and opened by the browser if the user clicks on the suggested link.
Here is a screenshot of the issue as of time of posting. Forgive the zoom, the UI has a iframe scroll which isn't very capture friendly. https://i.imgur.com/hS8jBzw.png
This immediately redirects to a sign-in page. Note that you can't get a Google account without a phone number that can receive SMS, so this is effectively paywalled.
Please omit swipes and snark from your comments here. It's against the site guidelines because it leads to dumber, nastier threads. Your comment would be fine without that last bit.
Ah...I thought this was going to be a "camera turned my QR code into a different QR code" like the fake-news "iPhone camera made my friends face a leaf" story. But in fact it just seems like after the QR code is converted to a URL, the app tries to normalize the URL and isn't familiar with a bunch of new TLDs, so it truncates them(for some reason).
Afaik .co and .net are not confirmed to be affected TLDs, but they are affected in other parts of the address. For example if the QR code contains the URL `foonet.uk` Google's autocorrection would change it to `foo.net.uk`.
