
All of Oculus’s Rift headsets have stopped working due to an expired certificate - twinkletwinkle
https://techcrunch.com/2018/03/07/all-of-oculuss-rift-headsets-have-stopped-working-due-to-an-expired-certificate/?ncid=rss
======
mattnewport
Our VR surgical training startup has been working for the last few months
towards a big medical conference this week where we're showing multiple
training procedures for multiple customers on Oculus Rift, as well as having
our own booth. The headsets all stopped working the morning of the conference.

Fortunately one of our engineers figured out we could get our demo rigs
working by setting the clock back a few days. This could have been a huge
disaster for our company if we hadn't found that workaround though. Pretty
annoyed with Oculus about this

~~~
seba_dos1
Why are you basing medical appliance on such a walled-garden technology you
aren't in control of, while there are more accessible alternatives? Oculus was
already known for locking up fiascos, this really shouldn't be a surprise for
you.

~~~
SkyPuncher
I think you underestimate how many companies build technologies off of walled
gardens - especially in Healthcare.

~~~
CaptSpify
Although you are correct, I don't see how that really matters. Just because a
lot of people do it doesn't make it a good idea.

~~~
Filligree
What's the alternative they should have been using?

~~~
seba_dos1
Anything based on OpenVR or OSVR? It's not like Oculus is a monopolist in this
space, it's just one of the popular options and it's known to be the most
locked up.

------
r1ch
This is not how Windows code signing is supposed to work. Normally you'd get a
countersignature from a timestamp server so that the verification process can
prove that the certificate was valid at the time of signing. It would appear
that Oculus signed their binaries without using a timestamp server, so without
a way to verify when signing happened they become invalid as soon as the cert
expires.

~~~
lopmotr
Something like that. Certificates aren't supposed to stop working just because
they've expired! That would destroy all abandoned or poorly maintained
software within a couple of years.

This problem is deeper than forgetting to update it. It should never have
caused a failure in the first place. Just the fact that the device apparently
can't function at all without the internet is a problem too.

~~~
KMag
Well, either it shouldn't have stopped working, or it never should have worked
in the first place. It's arguable that no signed software should run without
the code signature being timestamped/signed by a trusted timestamp server.
Otherwise, simple developer laziness causes 99% of software to stop running a
couple years after being published.

On the other hand, maybe this is really a lazy feature. It's probably a good
idea for the system to disallow both incoming and outgoing network traffic to
any program written in a non-memory-safe language that hasn't been signed in
the past couple of years. The lazy version of this feature is just not to run
any program not signed in the past couple of years.

Edit: Requiring a timestamped signature on the signature also makes it pretty
easy to add auditing functionality to the timestamp server whereby the
publisher can detect unauthorized signatures due to their private key being
leaked/stolen by criminals or governments. If the timestamp server's logs show
a signature by your key that you don't recognize, then something has gone
wrong. On the attacker's side, they need to either steal the timestamp
server's private key or publish their malicious signatures for scrutiny.

~~~
Piskvorrr
Wonderful, let's just autokill all abandoned software out of laziness. I can
think of multiple programs that I use which haven't been updated in years,
sometimes because there is nobody to develop them (project was
cancelled/company ceased to exist/sole developer got fed up and
quit/whatever). What are my options? Get a crappier but new alternative, or
nothing - just because someone thinks "old == bad" (Meanwhile, new and drool-
proof programs tend to exhibit the same bugs of old, despite having been
sprinkled with magic memory-safe dust and blessed by current signature)

~~~
nikanj
My browser refuses to connect to a large number of websites, because they're
still following the SSL best practices from last week. Apparently this is the
reality we've decided to live in.

~~~
djpr
Firefox and Chrome give me that warning page, but I just click on "Advanced"
and it will let me continue to the website. At least for me, it's just a huge
warning to be careful but I still have ultimate control.

~~~
digi_owl
Watch Google decide that the advanced option is a security problem, and remove
it, and Mozilla gladly playing along because "security" and "users are dumb".

The "owner" is no longer in control, and has not been ever since the web
became "app-ified".

~~~
Spivak
It's not that 'users are dumb' it's that the only way to keep users and lazy
IT staff from telling people to just click through the warnings is to make it
difficult to do so. How else can you fight the 'click through until it works
because I have work to do' mentality?

Browsers could have bright red flashing lights telling users that they're
currently being phished and users would still enter their credentials because
doing nothing isn't seen as a meaningful alternative action.

~~~
nikanj
But there's no UI difference between "you're currently being phished", and
"there's been a proof-of-concept white paper, that shows a nation-state level
actor could theoretically decrypt this communication by spending a few hundred
million".

------
maxander
One wonders if we've made technology unnecessarily complicated. In order to
build something like the Oculus Rift, they obviously needed expertise in
hardware design, optics, display technology, manufacturing, user interface
design, etc etc. Also, they apparently needed expertise in managing the ins-
and-outs of the Windows driver security system. Adding one more subject to
their already crowded curriculum wasn't very nice of Microsoft.

A lot of applications and environments seem to be built with the assumption
that they can add arbitrary complexity to their interface, since they're only
going to be used by "experts" who can be expected to know everything of
relevance and work through a thick documentation to understand the system. In
truth, the "experts" who use your programs are going to also be using a dozen
other applications, each with their own piles of documentation (or equal
amounts of lack-of-documentation,) and have little brain-space left for the
intricacies of your framework. So, they're going to use your system while
knowing the _minimum possible amount_ about it; if that system contains traps
that cause problems for this kind of user, that's _bad design._

~~~
andrewmcwatters
I was just reading something here about Cairo and how it's easy to fall into
slow code paths with it, and if you happened across falling into a slow code
path, somewhere along the line, "you fucked up."

When I read the comment I was immediately flabbergasted: no, someone else
fucked up. It's not my fault someone wrote software that sets up undocumented
traps for me to fall into. Or provided three ways to do something and two of
them are not recommended OOTB. Or is primarily documented by third parties.

~~~
adrianratnapala
The problem in this case is much deeper than their fault / your fault. The
problem is that in this industry we do (have to?) lean too much on the power
of abstraction.

Whether you are writing SQL or graphics code you are constantly told "just
express what you want to express directly, and the system is smart enough to
do things as efficiently as possible".

But that might not be very efficient at all. The people who write "the system"
have to write software that does specific things in specific situations and
there will be endless cases which cannot be dealt with efficiently. And the
more the interface hides the implementation, the less likely it is that those
cases will be obvious.

~~~
erikpukinskis
Yes, you’re talking about the proliferation of declarative APIs over explicit,
imperative ones.

My pet theory is that because we typically understand our needs before we
understand the code paths required to fulfill them, our V1 APIs are usually a
declarative “this is what should be” interface. Then we spend days or months
making it happen and by the time we understand the required code paths, we’ve
totally baked our expectations about the “make it so” API into our
architecture.

Getting to a good, explicit, imperative API requires a whole nother step, and
often a major refactor. You have to step back and ask “what is really
happening now and can I conduct it more directly?”

... but by that time your code works and it hardly seems worth the effort.

But it is worth the effort. The declarative API will just get uglier as you
add to it, and provide no real guidance about where future additions should
go. Just throw another key in the config. Add another conditional. An
imperative one will constrain your future choices about how additions can
work, and therefore helps you clarify your domain model as you add to it.

~~~
andreareina
I lean towards providing both -- high-level abstractions sufficient for the
90% built on lower-level abstractions that are available if needed.

~~~
erikpukinskis
Declarative/imperative is orthogonal to high level/low level.

You can have high level imperative APIs... they just need to be explicit.

------
squarefoot
This one will hopefully be solved quick by the company, but think of what
would have happened if this was a piece of technology sold in hundreds
thousands pieces by a company now out of business: instant tons of electronic
junk that would be instead perfectly useable if there was a law mandating all
software/hardware details to be released if either of these conditions are
met: IP owner going out of business, company declaring the product obsolete
and stopping any technical support or upgrade, product sales plummeting due to
competing or new models. The first two are obvious while the third one would
allow some of the devices to be repurposed instead of thrown away. I've saved
a good number of old access points / routers from the landfill by installing
OpenWRT/Lede where possible o their latest available firmware,pairing them
together, adding homemade external antennas (small Wifi antenna enclosed in
white PVC pipe plus self bonding tape, silicone sealant and heatshrink, RF240
cable and RP/SMA or N connector: => years exposed to sun, rain and snow with
zero problems). I install them at really low prices to customers who need a
cheap wifi bridge from point A to B. I would love to do a similar "afterlife"
service to old cellphones, but none of them could host a true native Linux
install because of how tightly closed the underlying hardware is, and all of
them sooner than later are doomed to be thrown away.

The problem lays in the IP. It's considered to be a vital asset so that when a
company goes belly up it will survive kept years or decades in a safe by law
firms in the hope someone will buy it, or just to make profits through
litigation against infringers. Unfortunately this has a deleterious effect on
products derived from that IP, the people who bought them and the people
living where the unusable products will be trashed.

------
legitster
They let their certificate expire, essentially bricking all of their devices.
And now the app running it won't start, so they can't push an update.

Just recently picked up a Rift. I love the hardware and their exclusives are
top notch, but this confirms my suspicions that their backend is super goofy.

They sell Rifts at Best Buy and want to pretend that it's a consumer-ready
product, but here's why I am recommending people stay away for now:

\- Non-existant repair or service out of Warranty.

\- Basic things in the platform like changing your name or photo don't exist.

\- Lots of non-response over other basic features requested by the community.

\- Questionable future investment in the platform or hardware. It sounds like
they are moving their efforts towards "lighter" experiences.

In short, it feels like being a legacy customer for a new product.

~~~
whywhywhywhy
> essentially bricking

It's not bricked, bricking means it's as useful as a brick as in the actual
firmware is corrupted beyond repair.

~~~
kevin_b_er
It will be as useful as a brick if nothing can connect to the headset because
it requires a signed communication DLL with a built-in obsolescence timer that
must be continually refreshed by the company.

------
StavrosK
Why is it possible for a device that is basically a display to stop working
because a certificate expired? This future worries me.

~~~
jimrandomh
It's more complex than a display; it's a display plus a collection of USB
sensors and some low-level hooks into display management. This requires
kernel-mode drivers, for good technical reasons, where a normal monitor
wouldn't.

~~~
wtallis
That's a reasonable answer to why the drivers need to be signed in order to be
installed. That's not the question. The question is why should the already-
installed drivers that you've been trusting all along suddenly _stop_ working.

~~~
sjburt
Apparently, they signed them incorrectly.

~~~
wtallis
That puts the blame on Oculus, but the blame really should rest on Microsoft
for enabling and enforcing a signature mode that shouldn't exist at all.

~~~
ryanlol
Does that really not sound ridiculous to you? Microsoft needs to be blamed for
their certificate validation implementation because people might use it to
make their software expire? Instead of just writing code that does so?

~~~
wtallis
Microsoft's driver signing model has a mode that is a giant footgun with no
redeeming value. Oculus is a victim of Microsoft's bad design. They weren't
trying to build in a self-destruct timer for their whole product stack, and if
they were, they wouldn't have used the driver signing certificate as the
lynchpin.

~~~
jlgaddis
I find this reasoning ("footgun", Microsoft's fault) interesting when compared
to the prevalent HN opinions when it comes to, for example, (unsecured) redis
and memcached servers being used in DDoS attacks, or even AWS S3 buckets (with
confidential or even highly classified files) being -- inadvertantly -- left
wide open to the public.

In those cases, "we" (as a "community", in general) often blame the people
responsible for running those services instead of the developers (or Amazon)
being blamed for choosing convenience/ease-of-use over security. That is,
we're often quick to say that the people running those wide open memcached
servers are at fault for not properly configuring and/or securing them -- and
not blaming the developers for creating "a giant footgun".

"You shouldn't be running servers on the Internet if you don't know how to
properly configure them" (paraphrasing) is often stated. Yet, in this case,
we're not blaming Oculus for their screwup and instead blaming Microsoft --
even though there's zero evidence (AFAIK) that Oculus even used any Microsoft
tools to sign their application. (N.B.: I don't know the first thing about
code signing on Windows so it may well be that using a Microsoft utility is
required and, thus, just assumed by those of you who _are_ familiar with the
process. If that's the case, sorry.)

I'm having trouble trying to reconcile these two seemingly opposing
viewpoints. Why is Microsoft's utility "a giant footgun" but a (OOTB)
completely insecure by default, wide open by default memcached server (for
example) _isn 't_?

~~~
wtallis
There's a use case for redis and memcached being open to the network, and a
failure mode if you don't properly separate your internal network from the
public Internet. There's a use case for S3 buckets that are publicly readable,
if they don't contain sensitive/private information. Those features have
reason to exist, even though there's potential for misuse. Secure defaults
would be nice, but can't eliminate these risks.

There's no reason for drivers to have an expiration date. There's no scenario
where it makes sense for the configuration that Oculus stumbled into to be
possible.

~~~
solatic
> There's no reason for drivers to have an expiration date

If you can license software with a definite expiration date, why can't you
license hardware with a definite expiration date? And have your license
enforced by the operating system? Imagine that I'm a company with a hardware
product, and instead of selling that hardware at large expense, I rent it out,
and provide drivers with an expiration date to enforce the terms of the
hardware lease. If the lease is renewed, I'll provide new drivers with a new
lease expiration.

Not that I'm arguing for hardware licensing, or arguing that it was what
Oculus was trying to achieve and screwed up somehow. But there's a difference
between "Microsoft built a feature some of their customers didn't know how to
use" and "Microsoft built an anti-feature".

~~~
wtallis
The driver signing system is not an effective way to implement an expiration
date, if that is your goal. Driver signing enforcement can be disabled rather
easily by skilled users. Licensing restrictions written into the code of the
driver itself are harder to bypass. It also does not seem at all likely that
Microsoft intended for the driver signing system to be usable as a time-based
DRM mechanism like this.

------
Kikawala
Remember folks, if code signing, countersign with a timestamping service[1] so
when your code signing cert expires, your older signed code will still work.
[1][https://search.thawte.com/support/ssl-digital-
certificates/i...](https://search.thawte.com/support/ssl-digital-
certificates/index?page=content&id=INFO1119&actp=LIST)

~~~
hughes
What happens when the countersigning service's cert expires?

~~~
Kikawala
By adding a timestamp to digital signatures, trust conditions are changed to
the following list:

* data is not tampered

* signing certificate _was_ time valid at signing time: signing time is within signing cert's validity

* Neither certificate was revoked _before_ signature generation

* both, signing and timestamp certificates chain up to trusted root CAs (regardless of their time validity, just must be in trust store).

[https://serverfault.com/a/878950](https://serverfault.com/a/878950)

~~~
cxseven
That's weird. The blog post that answer links to implies that even if the
timestamp certificate AND signing certificates are revoked on a date following
the purported timestamp, then the signature is still trusted.

That doesn't make sense to me: If the certificates are compromised, an
attacker could backdate the timestamp to whatever he wanted and sign anything.

What's the thinking here?

~~~
moefh
> implies that even if the timestamp certificate AND signing certificates are
> revoked on a date following the purported timestamp, then the signature is
> still trusted.

That's not how I read it. The "lifecycle table" doesn't mention the case of
both signing and timestamping certificates going bad at the same time, only
what happens if one of them expires or is revoked. The only mention about both
certificates going bad is in the text below the table:

> But timestamped signature remains considered as a valid even if all
> certificates in the signing and timestamping chains are expired.

Note that it doesn't say anything about certificates being revoked.

------
jimrandomh
Saw this, opened Oculus Home, there's a message in the Updates tab saying "An
update may not have installed correctly", and indeed, VR apps didn't work.

Nate Mitchell of Oculus posted on Reddit saying "We're working on resolving
this issue right now. We'll keep everyone posted on progress here."
[https://www.reddit.com/r/oculus/comments/82nuzi/cant_reach_o...](https://www.reddit.com/r/oculus/comments/82nuzi/cant_reach_oculus_runtime_service/dvbsnup/)
. Top-level of that thread has a workaround involving setting the clock back
or using a utility called RunAsDate to fake the clock for a single
application.

------
lunch
_A driver signed with any certificate that expires after July 29th, 2015,
without time stamping, will work on Windows 10 until the certificate expires._

[https://docs.microsoft.com/en-us/windows-
hardware/drivers/da...](https://docs.microsoft.com/en-us/windows-
hardware/drivers/dashboard/get-a-code-signing-certificate#code-signing-faq)

~~~
gambler
What a horrible design decision. Instead of making a system that simply works
or doesn't work Microsoft allowed everyone to produce apps which break at
random times in the future. It's one of those "what could possibly go wrong?"
cases.

~~~
lunch
Is there a default, or standard TTL for this type of certificate?

EDIT: Looks like the standard TTL for these code signing certificates is none,
1, 2, or 3 years.

[https://www.entrustdatacard.com/products/categories/digital-...](https://www.entrustdatacard.com/products/categories/digital-
signing-certificates/compare-entrust-code-signing-certificates)

[https://www.globalsign.com/en/code-signing-
certificate/](https://www.globalsign.com/en/code-signing-certificate/)

[https://www.instantssl.com/ssl-certificate-products/code-
sig...](https://www.instantssl.com/ssl-certificate-products/code-signing-
index.html)

------
scrollaway
This, and many incidents like it, makes me think that running tests 1/10/100
years in the future should be a standard feature of test runners and CI
systems. (on by default)

~~~
sdrothrock
I work with time a lot and have always advocated running practical
simulations, especially over year changes, leap year changes, leap year days,
etc. with the junior engineer I mentor as well as the hardware company that
partners with us -- it's only recently after we got bitten by a time-based bug
that people have started listening.

~~~
taberiand
Of course, if they had listened and therefore never been bitten, they would
have seen the work as a waste of time.

~~~
sdrothrock
That's the nature of the beast. I have to be the noisy guy about testing and
also be the guy who doesn't say "I told you so," but instead continues pushing
testing.

------
m_fayer
I borrow the office Rift every couple of months to play around for a weekend
and see how the field is progressing. Unfortunately what I've mostly seen is a
bunch of regressions, technical and ux, as they update their platform.

~~~
yobrien
The new home 2.0 and especially Dash are leaps and bounds above what home was
like before I think. You do have to enable it (still beta) but I think it'll
be really nice once it's finally released.

~~~
wand3r
Not an Oculus user but I couldn't imagine using their beta software if their
actual QA'ed release upgrades have brick level bugs in them...

------
FrantaH
Wow, thanks to reading HN headlines in the morning I realized my own cert
expired at midnight and I was able to fix it without any damage.

------
Rebelgecko
It sounds like the same expired certificate is also used to sign their
autoupdater's exe, so they can't just roll out an update using a new
certificate.

------
8bitsrule
I'm -constantly- seeing 'certificate expired' in my browser. This certificate
stuff is so hard that they can't pay some Chief Certificate Officer $15/hr. to
-do nothing else- but assure that stuff is renewed in a timely fashion?

We furry 'self-reproducing' (YMMV) mammals are simply not ready for all of
this.

~~~
draw_down
On the contrary, these are problems that can be solved easily. Just need a bit
of foresight is all.

------
mikeash
This seems to be a somewhat common type of problem. I wonder if companies
should routinely test on machines with the clock set one year into the future
to catch them before they hit customers.

~~~
0x0
I think you'd run into other problems then, for example if your test machine
needs to communicate with https sites powered by letsencrypt, all those sites
will appear to use certs that "expired" at least 9 months ago.

~~~
megaman22
It's a mess. At one point we had a backup domain controller that had gotten
incorrectly setup as a time server, and was out of sync with the rest of the
world, with a slight amount of drift. Randomly, our test servers would end up
syncing time from that server at times, and wind up slightly off. When the
time got slightly more than around five or ten minutes off, connections (over
TLS encryption) from those boxes to our Lync IM servers would start failing,
and weirdness would ensue. Reboot the box, or sometimes just sign in and out,
and things would straighten out, for a while. Very spooky.

This was all years ago, so my recollection may be fuzzy, but I spent entirely
too much time futzing with SIP traces and certs. Weird, weird things can
result from time inconsistencies is my takeaway, however.

~~~
jlgaddis
In the world of Active Directory (Kerberos), issues will start appearing when
time is off by as little as five minutes.

~~~
Piskvorrr
As they should. Five minutes off is not a big deal for a grandfather clock,
but it is for most crypto.

------
retromario
For those affected, Oculus now has a patch to fix the issue:
[https://support.oculus.com/217157135500529/](https://support.oculus.com/217157135500529/)

~~~
Grollicus
> If Windows Defender prompts "Windows protected your PC", click More info and
> then click Run anyway.

> If your antivirus software restricts the file from opening, temporarily
> disable your AV and continue.

Good Patch Procedure, 2018.

~~~
Raphmedia
The last time I listened to a vendor and turned off my anti-virus to install
something, this happened: [Flight Sim Company Embeds Malware to Steal Pirates’
Passwords]
[https://news.ycombinator.com/item?id=16418837](https://news.ycombinator.com/item?id=16418837)

------
Angostura
Note for company communication guys.

Please, please don't say: "Our teams apologize for any inconvenience this may
be causing you"

instead opt for "Our teams apologize for any inconvenience this caused you"

~~~
boobsbr
Why?

~~~
crowbahr
"May have caused" is disingenuous ass covering at best.

They soft bricked every single headset worldwide.

"Oopsie we _may_ have caused you inconvenience"

vs

"We're sorry for the damage"

~~~
Angostura
In fact, I cocked up my correction. It should be phrased: "Our teams apologize
for the inconvenience this caused you"

Get rid of the may entirely. I don't know what I was thinking.

------
rb808
Has anyone got a good way of managing certificates in the wild? With no real
management and staff turnover I've seen a bunch of expired certificate
problems.

EDIT: presumably you need your client apps/libraries in the field write back
when they use a cert that is <X months away from expiry.

~~~
judge2020
I'd say someone very high up and "tied to the company", probably the CTO,
should make sure a signing certificate is renewed when needed and make sure
it's rotated every time it's about to hit expiration. For a company as big as
oculus with the backing of Facebook, this is a pretty big issue.

~~~
epberry
I think the CTOs role here would probably be to make sure a process or team is
in place to do this but not actually do it themselves? (For a company the size
of oculus)

------
makecheck
Rotation due to expired keys should be _frequent_ , enough to pretty much
require automated methods to handle the changes. (One of the many great things
in LetsEncrypt.)

If it’s a much longer time scale, people start to forget that it’s even
_possible_ for stuff to expire.

If my fridge filter can display a little reminder light on a timer every few
months, cryptography-dependent devices might need something similar. That way,
your customers could know in advance and be _asking you_ for an update.

------
khazhoux
In 2091, an overworked developer will accidentally let the certificate expire
for the Planetary Shield Defense Matrix, and the Zylorts will finally conquer
Earth.

~~~
Natsu
It's okay, some hacker will save earth in the end by typing commands into a
graphical, 3-D version of OpenSSL 1.2.

~~~
mulmen
Is type the right verb? Maybe glance or stare.

~~~
Amygaz
It will have to be typing, since the new certificate for the perfect retina
auto-alignement will not be in the trusted list

------
agar
OK. The issue arose because the expired certificate wasn't countersigned by a
timestamp server.

So many comments agree that (a) security is hard, (b) countersigning with a
timestamp server is easy to miss, (c) countersigning makes build processes
difficult, and (d) they've done or seen similar things in other
apps/companies.

This sounds like a classic UI/UX issue for developers around a literally
mandated and mission-critical requirement of the OS.

At the least, MS should provide a validation tool to surface errors or risks
before production. Better, signtool.exe should make omissions (like a
timeserver) very difficult and make them an override, not a default. Best,
they would do both.

I don't agree that the OS should reject non-timestamped signatures as faulty
per se (and throw an error), as that puts the burden on the user to understand
a developer's mistake. Sometimes running without a timestamp may be desirable
- ultimately that's the dev's choice.

It should just be a choice made explicitly.

------
navium
This is what happens when a CTO goes for a programming retreat

------
AHTERIX5000
So it's impossible to use Oculus headset locally without runtime calling home
and checking something?

~~~
Rebelgecko
It's not phoning home (or at least if it is that's not the issue here). The
cert used to sign the actual binaries expired, and Oculus signed the binaries
in a half-assed fashion that tells windows not to run the code with an expired
cert-- what they _should_ have done is timestamped[0] when the signature was
created. Since the binaries were signed before the cert expired, nothing
should've broken. This is one of those cases that required a perfect storm of
multiple mistakes/oversights.

[0] [https://msdn.microsoft.com/en-
us/library/windows/desktop/bb9...](https://msdn.microsoft.com/en-
us/library/windows/desktop/bb931395\(v=vs.85\).aspx)

------
juanmirocks
I feel more understandable with Oculus in this one... Recently I also left an
certificate, expire...

However, this affected only one single customer of ours and we had a fix
within a couple of hours. -- I certainly learn from this mistake.

------
logicuce
I am yet to find any official statement from Oculus on this. Am I missing
something?

~~~
dharmab
They have a support article and fix at
[https://support.oculus.com/217157135500529/](https://support.oculus.com/217157135500529/)

------
toomasr
GoPro Desktop app's certificate expired more than a week ago and no update. I
wonder if this will give them a nudge [https://community.gopro.com/t5/GoPro-
Apps-for-Desktop/Instal...](https://community.gopro.com/t5/GoPro-Apps-for-
Desktop/Installation-Developer-certificate-expired/m-p/146532#M11495)

I thinks IT is used to managing HTTPS certificates, domain name auto-renewals
but app level certs are more of a new thing.

------
nottorp
So you're saying Rifts and Windows 10 drivers do not work offline? That
basically Windows 10 will be functional only while Microsoft keeps the update
servers on?

Edit: I don't follow Windows, I'm really curious what the consequences for
stuff like this can be generally.

~~~
dharmab
No. The certificate in question is a code signing certificate, not a TLS
certificate. Oculus incorrectly used an expiring certificate instead of a
timestamped certificate here; if timestamped certificate was used, then the
Rift driver would work offline forever.

------
sneak
Minor nitpick: “soft-bricked” is like “soft-pregnant”. That’s not what
“bricked” means, Techcrunch.

~~~
Piskvorrr
From what I've seen in XDA, soft-brick is a state which is recoverable without
physically opening up the device and hunting for JTAG headers ;)

------
rixrax
Oculus says you will receive $15 store credit if you used Oculus between Feb
1st and when it went kaput.

I don't see credit on my Oculus account? Am I supposed to have received it
already? Or is this maybe because I don't have payment method added to my
account?

~~~
boojums
Oculus sent out an email mentioning the $15 store credit. That email mentions
it might take up to 7 days to get the credit.

------
acd
Why does a device you own have to have an expiring certificate?

------
Robotbeat
Ha! My dad was just telling me how some of our old SANs had this happen. Just
had to change the date to 2017 then do a firmware update.

------
kakarot
Well, that explains why my Oculus wasn't working tonight. I hope this ends up
being as easy to fix as downloading a new binary.

~~~
robmaister
At the core of the issue, yeah, they just need to publish the same driver with
a different signature.

It looks like their auto-updater used the same cert though, so they can't
distribute it as a normal update. They're probably figuring out the least
sketchy/most automated way to distribute it right now.

When this is all said and done, there will be a handful of people who will
never, ever forget to use the _/ t_ flag in _signtool_.

------
melvinmt
Move Fast and Break Things.

~~~
gruez
or rather, forget to move and break things.

------
theonewhocanfly
The site has aggressive ads

------
intoro
Something similar just happened to me. I have a windows computer I only Use
for gaming. After the last update My Samsung display is no longer usable. It
has a polarized effect now only when using the windows Computer. However the
Computer Works fine Connected to another brand monitor. So much money, yet
windows still sucks when it comes to most basic things

~~~
taspeotis
I am doubtful this is it but check that you don't have a color filter [1]
configured.

[1] [http://www.brucebnews.com/2017/11/look-at-the-red-flowers-
wi...](http://www.brucebnews.com/2017/11/look-at-the-red-flowers-
windows-10-now-includes-help-for-color-blindness/)

------
peterwwillis
I've pointed out this consequence of "put TLS on everything" before, but
people shrugged it off.

~~~
unmole
This has absolutely nothing to do with TLS.

~~~
peterwwillis
You're right, TLS doesn't use certificates. What was I thinking?

[https://en.wikipedia.org/wiki/Transport_Layer_Security#Digit...](https://en.wikipedia.org/wiki/Transport_Layer_Security#Digital_certificates)

------
tritium
Beside the fact that you should be concerned about whether the controlling
company goes out of business, or sells your data, here stands yet another
reason to never trust devices that require an internet connection to activate
in the first place, or phone home periodically to remain active.

This includes phones, cars, self-driving cars, watches, farm equipment,
computing devices and anything marketed as an IoT appliance.

One glitch, as minor as an improper system time, and you’re dead in the water.

~~~
imtringued
The problem here is that kernel drivers have to be signed and drivers will
stop working if the signature expires because the vendor didn't use a time
stamp server during the signing process. The drivers were clearly indended to
keep working so I assume this happened by accident.

The big question is why on earth can drivers that have been verified and are
already installed in your system can suddenly stop working? If this mechanism
is intended to protect against malware disguised as drivers then it's already
too late. The malware had several years to exploit your system.

Expiration after installation simply doesn't make sense for code signing. The
signed executable won't change unlike a website. The driver is always going to
have the same file hash, forever.

~~~
tritium
Expiration after installation makes sense from the perspective of planned
obsolescence, and in anticipation of long-term-support sunsets.

It makes absolutely no sense to the end user, acting as possessor or
potentially a reseller of an object, since the very premise implies that an
owner should not be provided total control over their device, that it's never
really " _theirs_ ", and that a vendor should retain the capacity to take a
"sold good" away from the owner, under the guise of expected behavior, built
as designed, effectively converting a sale into a rental, in time, perhaps
after statutes expire.

It's effectively a back door for manufacturers, so that they can count on
well-made products not lasting forever, not in museums, not for resale, not
for nostalgia.

