Support NeoGAF

[Shifty]

https://www.techradar.com/news/oculus-rift-vr-headsets-everywhere-get-bricked-for-a-silly-reason

Rather than being able to jump into VR, Oculus Rift owners around the world were greeted with a dialog preventing them even using their headsets.

As it turns out, Oculus VR – and, by proxy, its owner Facebook – seems to have forgotten to renew a crucial app permission certificate within its Oculus Runtime Service for Windows 10 PCs. Oculus VR forum users the world over have cited the problem seen below in a thread that’s six pages long at the time of writing

This took my Rift down today, as well as two of the headsets we have at work. You can get around the issue by setting your system clock back to before the expiry and restarting the Oculus runtime service, but that leaves you with limited access to HTTPS websites and various other PC functionality that depends on a properly synchronized clock.

I know we have a PCVR OT kicking around somewhere, but I'm posting this as a thread as I think the larger implications are a worthy topic of discussion:

Given the locked-down nature of the Oculus ecosystem, mistakes like this have a far greater impact than they would if the implementation was based on an open standard rather than a proprietary one that bakes DRM into something so core as basic operation of the headset.

It's not the end-of-the-world 'everything is bricked RIP' situation that the more clickbaity outlets are making it out to be and Oculus are working on the problem, but the fact remains that the entirety of their non tech-savvy desktop customer base is unable to use the product that they paid for or the associated library until a fix is put in place. And that's to say nothing of development houses working to deadlines that involve developing software for the platform- when you have an established software infrastructure to work with, winding back the clock on your dev machine may not be a viable option.

To me, this is a prime example of the downsides associated with the tech industry's gradual creep toward walled gardens and everything-as-a-service. The further it goes, the more power the platform holders have and the greater the ramifications of their actions, or in this case, inaction. Something has to give at some point, but I'm having trouble picturing an outcome where the problem of black-box walled gardens simply goes away.

(Prevent me from using VR for a day if old.)

 

[Mascot]

And it's still not fixed over ten hours later, which rather suggests the issue is not easy to resolve.
I initially thought my Rift was borked as the symptoms were the same as a total hardware failure several months ago. I think a lot of people will be returning their Rifts today under the same assumption.

 

[Cato]

Why on earth does the rift need to access a webserver to even just provide basic functionality?

I get it, you need to access the mothership if you want to update the software or download some new apps,
but your device will not even start or be functional "because some server on the internet did not respond or said no"
is just idiocy.

I hope that a lot of people will return their kit due to this bullshit.

Note to self: never buy any occolus products.

 

[Pantz]

Mine's been giving me trouble for the last week where when I put it on, it loads the home screen fine and then judders a bit and crashes. If I put it on after a fresh restart it works fine though. Not sure what the problem was, maybe the new drivers from Nvidia. I was too lazy to try and find a fix though. Now it doesn't work at all. Hopefully both problems will fix themselves.

Edit: Update worked and fixed my other issue too.

 

[Agent_Carnage]

The fix is finally released.

https://www.oculus.com/rift-patch/

From their website..
"
To resolve the "Can’t Reach Oculus Runtime Service" error, please follow these steps:
If you currently have the Oculus app installed:
Go to https://www.oculus.com/rift-patch/. Click Download Install Patch to download OculusPatchMarch2018.exe. Open OculusPatchMarch2018.exe. If Windows asks you if you’re sure you want to open this file, click Yes. If Windows Defender prompts "Windows protected your PC", click More info and then click Run anyway. If your antivirus software restricts the file from opening, temporarily disable your AV and continue. Select Repair and confirm you would like to repair the Oculus software. Allow the repair process to run, download and install. Launch the Oculus app. Shortly after the repair you will be prompted for an update. Please complete the update. The download and update may take up to >10 minutes depending on network connection.
If you uninstalled the Oculus app from your computer:
Go to https://www.oculus.com/setup. Click Download Oculus Software to download OculusSetup.exe. Open OculusSetup.exe and follow the onscreen instructions to install the latest version of the Oculus app."

 

[Zannegan]

I know this isn't a difficult issue to fix, the sky isn't falling or anything, but it never should have happened. Hell, it never should have been possible. I understand being able to block someone's access to your online store/service, but there's absolutely no justification for Facebook to be able to brick an HMD remotely. It's like Samsung being able to disable your monitor if you fail a security check.

I've been waiting for the next gen of HMDs (and a better PC) before jumping into VR, but I was sorely tempted by a few of the crazy sales Oculus had last year. No more. Lol.

 

[Pantz]

Just got an email saying they're going to give $15 store credit. Nice!!

 

[abracadaver]

Just got an email saying they're going to give $15 store credit. Nice!!

Nice. Is it added to your account or a key to redeem?

 

[Makariel]

Ok that puts a damper on my plans of getting a Rift. I don't want to have a piece of hardware that could just cease to work because the manufacturer goes out of business.

 

[Pantz]

Nice. Is it added to your account or a key to redeem?

Added to account within 7 days. Here's the full quote from that email

"We’re very sorry for the disruption today. We’re providing a $15 Oculus Store credit (or currency equivalent) to people impacted by this issue. If you used Rift on or after February 1st, 2018 this credit will be added to your account automatically within the next 7 days. See this page for info about Oculus Store credits."

 

[Blam]

I know this isn't a difficult issue to fix, the sky isn't falling or anything, but it never should have happened. Hell, it never should have been possible. I understand being able to block someone's access to your online store/service, but there's absolutely no justification for Facebook to be able to brick an HMD remotely. It's like Samsung being able to disable your monitor if you fail a security check.

I've been waiting for the next gen of HMDs (and a better PC) before jumping into VR, but I was sorely tempted by a few of the crazy sales Oculus had last year. No more. Lol.

Yes sure and actually Samsung does this to an extent on the s8 they blow a fuse to permanently disable any pay or a good lot of Samsung features if you root your phone.

But this is not really that big of a deal Oculus is just making sure nobody is tampering with their products.

 

[JORMBO]

$15 store credit is a really nice apology for the headset being offline for one day. Most companies probably would have just said “oops” and moved on.

 

[Blam]

$15 store credit is a really nice apology for the headset being offline for one day. Most companies probably would have just said “oops” and moved on.

It is nice I will say.

 

[michaelius]

That's what happen when you buy hardware with drm.

 

[Zannegan]

Yes sure and actually Samsung does this to an extent on the s8 they blow a fuse to permanently disable any pay or a good lot of Samsung features if you root your phone.

But this is not really that big of a deal Oculus is just making sure nobody is tampering with their products.

That comparison is a little silly. If you remove their software then, yes, their software is removed. Samsung has no obligation to provide their walled garden services to someone that has intentionally stepped outside that walled garden, but they don't brick your phone. Rift, by design, won't let that hardware even function outside their walled garden. The comparison is also flawed because we're talking about a peripheral rather than the main hardware. Your example might have more merit if we were talking about a self-contained VR headset refusing to work after failing a security check. That would be more like Nintendo bricking a handheld that detects pirated software (which I also have some issues with). Those are both examples of central/computing hardware, rather than a peripheral.

Honestly, I'm struggling to come up with a single other example of a company trying to maintain this much control over an add-on device. This is exactly the sort of thing I was afraid of when Facebook bought Oculus, not that the move represented a "casualification" of VR or a Matrix-like bid for world domination, but that Facebook would try to extend its control over the VR space too far and for no logical reason. Who are they protecting, exactly? How does them holding this level of control benefit anyone? I understand producing exclusive software to try to attract customers, even if I don't like it so early in the game. But what is the justification for them being able to actually render your headset useless rather than just locking you out of their store? Even if these bans had been the result of cheating/hacking/some violation of their ToS instead of an oversight on their part, I still wouldn't support Facebook having this much control over a display device.

Like I said, it's not the end of the world--Oculus has already fixed the problem and issued a generous bonus to those affected--I just don't think hardware should lock users out for failing to check in, even at a rate of once per year, and especially not on an open platform like PC. Like the XB1 DRM plan, this would be a total non-issue for 99% of (gamers me included) 99% of the time. In fact, had security certificates worked as intended, I doubt anyone would have even noticed this potential issue. However, knowing that this security check functionality exists, I would never buy a Rift simply because I don't like the idea of functioning hardware (display hardware, not even computing hardware) being remotely shut down by the seller through accident or design.

I don't cheat, but I wouldn't buy a Logitech mouse that quit working if it detected cheats. I don't pirate shows or even play fan games like AM2R, but I still wouldn't buy a monitor that would shut down if it detected copyrighted material. The market soundly rejected the version of the XB1 that required regular callbacks to the mothership to function. Why should I or anyone be okay with a VR headset that becomes unusable if it fails an Oculus security check?

 

[iconmaster]

HMD: Headsets of Mass Deactivation

 

[camelCase]

Why on earth does the rift need to access a webserver to even just provide basic functionality?

I get it, you need to access the mothership if you want to update the software or download some new apps,
but your device will not even start or be functional "because some server on the internet did not respond or said no"
is just idiocy.

I hope that a lot of people will return their kit due to this bullshit.

Note to self: never buy any occolus products.

Great point.

 

[Shifty]

Why on earth does the rift need to access a webserver to even just provide basic functionality?

I get it, you need to access the mothership if you want to update the software or download some new apps,
but your device will not even start or be functional "because some server on the internet did not respond or said no"
is just idiocy.

It's less about checking in with a web server and more that somebody on the Oculus security team forgot to regenerate a certain file with a date baked into it.
Normally the headset can be used without an internet connection- the real issue is that the software has an expiry date built into it that gets updated periodically.

Also in a worst-case oculus-goes-bankrupt scenario, this implies a risk of permanent deactivation unless they patch out the certificate requirement prior to closing their doors. Make of that what you will.

I've been waiting for the next gen of HMDs (and a better PC) before jumping into VR, but I was sorely tempted by a few of the crazy sales Oculus had last year. No more. Lol.

At this point I think a gen 2 designed-for-SteamVR device will be a good jumping-in point for people on the fence. The gen 1 stuff has some ergonomic teething troubles that should be smoothed out by then, and this Oculus outage is a handy warning shot for anyone um-ing and ah-ing about which headset to buy.

$15 store credit is a really nice apology for the headset being offline for one day. Most companies probably would have just said “oops” and moved on.

Yeah, it's certainly not bad. I'll probably save it for an Oculus exclusive of some sort and keep the regular purchases to Steam.
That said, I can't figure out where to actually check my credit balance in the client...

 

[Blam]

I don't see the big deal with this they are verifying that nobody is tampering with their software? Is that a bad thing?

Also in a worst-case oculus-goes-bankrupt scenario, this implies a risk of permanent deactivation unless they patch out the certificate requirement prior to closing their doors. Make of that what you will.

This is sorta fearmongering, the certificate can be generated on the clientside, this is literally something you can do yourself in windows.

 

[Shifty]

I don't see the big deal with this they are verifying that nobody is tampering with their software? Is that a bad thing?

As an oculus consumer I feel that I'm getting more negatives out of this walled garden business than I am benefits so far.
And I mean, the idea of DRM and other security measures being a good thing/bad thing is a whole other conversation in and of itself, but the big deal is not having full control over the stuff you buy anymore. How would you feel if your TV or phone decided to take the day off because someone at the manufacturer got lax?

This is sorta fearmongering, the certificate can be generated on the clientside, this is literally something you can do yourself in windows.

I'm happy to be corrected if my info isn't accurate, but to my knowledge generating a securely-signed certificate requires a private key that would need to be made public by oculus in order for end-users to do it clientside.
More to the point, if it's trivial enough to do yourself then why didn't self-generated certificates surface as a workaround during the outage? Everything I found revolved around rewinding the system clock.

I'd be interested to learn how it's done if you have a link.

 

[Blam]

As an oculus consumer I feel that I'm getting more negatives out of this walled garden business than I am benefits so far.
And I mean, the idea of DRM and other security measures being a good thing/bad thing is a whole other conversation in and of itself, but the big deal is not having full control over the stuff you buy anymore. How would you feel if your TV or phone decided to take the day off because someone at the manufacturer got lax?

I'd be more pissed off sure but since the Oculus is already a Luxury/Leisure item I don't see it being that big of a problem. Regardless I see a lot of benefits, any and I really mean any Vive users I talk to always tell me they hate valve not supporting their product at all. Not fixing shit faster, etc there's quite a lot of problems in being a Vive user. Mean while they are sorta surprised at how well Oculus has maintained updating the entire Oculus experience. If you put up Oculus Home, and SteamVR sidebyside. It's pretty easy to know who is supporting and trying to make a better product. While if you look at SteamVR and SteamHome both beyond buggy as fuck to anyone using it including Vive users. So they just leave it off.

I'm happy to be corrected if my info isn't accurate, but to my knowledge generating a securely-signed certificate requires a private key that would need to be made public by oculus in order for end-users to do it clientside.
More to the point, if it's trivial enough to do yourself then why didn't self-generated certificates surface as a workaround during the outage? Everything I found revolved around rewinding the system clock.

I'd be interested to learn how it's done if you have a link.

Not necessarily. And it actually did pop up as a workaround, after the fact when it was fixed. If I find the link again I'll post it here.

 

[camelCase]

It's less about checking in with a web server and more that somebody on the Oculus security team forgot to regenerate a certain file with a date baked into it.
Normally the headset can be used without an internet connection- the real issue is that the software has an expiry date built into it that gets updated periodically.

Also in a worst-case oculus-goes-bankrupt scenario, this implies a risk of permanent deactivation unless they patch out the certificate requirement prior to closing their doors. Make of that what you will.

Is this any different for the end user, though? I've had annoyances like this with stuff like GTA IV and the precise technical details of why it happened don't really mean much to me because the stress from dealing with it all is just too frustrating. Having to change my PC's date, typing in keys over and over again etc only to have it not work. Worst case in actuality is that you have to crack it, which someone who paid $$ should not be worrying about.

The 15 bucks is pretty sweet after alls said and done.

 

[Shifty]

Is this any different for the end user, though?

Not really in practical terms, if it's down then it's down. The differentiation was mainly to clarify that the rift isn't an xbox one pre-180 always online sort of situation under normal non-busted circumstances- it doesn't stop working if you unplug your internet.

 

[camelCase]

Not really in practical terms, if it's down then it's down. The differentiation was mainly to clarify that the rift isn't an xbox one pre-180 always online sort of situation under normal non-busted circumstances.

True. And wow I just read up on that xb1 always online thing, I wasn't into gaming during that stretch and the fact that they tried to pull that is a hoot.

 

[Zannegan]

True. And wow I just read up on that xb1 always online thing, I wasn't into gaming during that stretch and the fact that they tried to pull that is a hoot.

There are still people who swear that that system was just misunderstood/ahead of its time because it offered a lot of perks in exchange for the inconvenience, and because sooner or or later everything will be always online anyway. I'm just hoping they're wrong about that last part.