Oculus Rift headsets took a day off thanks to certificate snafu

If you've got an Oculus Rift and you've tried to use it in the last 24 hours, you probably ran into some trouble. Early yesterday morning, folks on Reddit reported an inability to launch the Rift software. Five hours after the trouble started, Oculus made a post in its own forums acknowledging and apologizing for the problem, although it still wasn't completely clear at that point what the issue was.

As it turns out, a digital certificate required by Windows for Oculus' software had expired. The issue meant that practically all day yesterday, every single Rift kit worldwide was essentially a very expensive and awkward-to-use paperweight. Folks figured out various workarounds like simply changing the system date to before the issue started, or using NirSoft RunAsDate to make the Oculus Home app think it was running at an earlier date. Reddit poster TrefoilHat has the explain-it-like-I'm-5 version of the problem here.

Fortunately, there's no need to faff about with hacky workarounds any longer, because Oculus has now issued an official fix for the problem. Unfortunately, the certificate issue also prevents the Oculus software from simply updating itself. If you've got a Rift and want to get up and running again, you need to grab the update from Oculus directly or click here for more details on how to get set up again.

Comments closed
    • Chrispy_
    • 2 years ago

    Did this snafu affect the DK2 as well?

    I haven’t plugged mine in for at least a year but I’m assuming that the SDK the DK2 runs on never required a certificate.

    • odizzido
    • 2 years ago

    Why this would even require a certificate to function is beyond me. I consider the rift to be garbage because of it, which it will be one day when they decide to not bother renewing the certificate.

    • ludi
    • 2 years ago

    “Welcome to ‘Whose Software Is It Anyway?’, where the terms are made up and physical possession doesn’t matter.”

    • Neutronbeam
    • 2 years ago

    It’s not a bug; it’s a feature–when you stare into the dark Rift, the Rift stares into you.

    • SlappedSilly
    • 2 years ago

    Just a friendly reminder: You didn’t buy that Oculus Rift, you paid for the privilege to be used by it. 🙂

    • chuckula
    • 2 years ago

    Ahh the joys of expiring certificates in PKI.

    I would *NEVER* make that kind of mistake!

    [discretely runs around making sure the self-issued VPN certs aren’t about to expire next Tuesday]

      • morphine
      • 2 years ago

      I actually feel for Oculus because yes, someone would need to keep an eye out, it’s such an easy mistake to make and one that can really Break Stuff, as evidenced.

        • BillyBuerger
        • 2 years ago

        Or they could, you know, not require their hardware to phone home before allowing it to be used. Just a thought. Then this mistake would just mean it could access the site for checking for updates or whatever.

          • psuedonymous
          • 2 years ago

          Oh yes, let’s just use an updater that doesn’t check signatures before installing a binary downloaded from the internet. That’s not a totally moronic failure of basic security at all!

          Signature checks occur for a damn good reason. A few hours of downtime to get an updated cert ready and rolled out in the event it expires without being replaced is nothing compared to leaving a gaping “EXPLOITS ENTER HERE” backdoor.

            • synthtel2
            • 2 years ago

            [s<]Or we could cross-check the download properly, but continue to the program if something about the updater fails. (If people running out-of-date versions are somehow that big a problem, which they shouldn't be for this, kill the program after a few days out-of-touch, but not instantly.)[/s<] (This is irrelevant - see my comment two levels further down.)

            • psuedonymous
            • 2 years ago

            That’s not how signature enforcement works. If a DLL access protected functions (e.g. network connectivity, hardware connectivity) signing is enforced. If you suddenyl decide “well, it failed the signature check, but just run it anyway” you have completely negated all effectiveness of signing.

            It has absolutely nothing to do with program version, or ‘signing in’ or ‘phoning home’ or other such nonsense. Signature enforcement is a windows function, and operates off of the system clock.

            • synthtel2
            • 2 years ago

            I skimmed everything too fast and got the wrong idea about the problem, never mind.

            • RAGEPRO
            • 2 years ago

            Some people might (reasonably, IMO) be more concerned about the long-term functionality of their pricey VR headset than about an extremely difficult-to-attack security “hole,” heh.

        • derFunkenstein
        • 2 years ago

        Just stick it in your Google calendar to renew it a month in advance.

        Easy for me to say that now, of course. LOL

          • DancinJack
          • 2 years ago

          Yeah, but then Zuckerberg tells you that you have to go to Iowa to talk to farmers on the day of, so you push it back and then POOF it’s expired next time you look. IT HAPPENS OK???

          • GodsMadClown
          • 2 years ago

          Or monitoring, or use letsencrypt.

Pin It on Pinterest

Share This