Oculus issuing $15 apology voucher for #goggpocalypse

visor

There is no pain greater in our universe than not being able to use your virtual reality goggles for a whole day. As such, the $15 Oculus store voucher the Rift-makers are offering by way of apology for yesterday’s #goggpocalypse, in which messed-up software effectively broke their headset for a while, only begins to salve the wound. I demand that Ian Oculus comes to my house and installs triple-SLI GTX Titan Blacks in my PC this very evening.

“This is an issue with our software certification,” Oculus explained yesterday. “For security, we use a certificate to ensure that the software you receive actually comes from Oculus.” That certificate had expired, which meant computers no longer trusted a key part of the Oculus software and refused to load it, so the whole thing crashed.

Clearly, it’s a pretty bad screw-up – allowing a software security certificate to lapse, thus rendering hardware inoperable, is extremely bad form. If Apple or Intel did it, the internet would be understandably on fire. It’s a little hard to take as seriously when it comes to virtual reality, the hot new sound of 2016 but the niche of niches in 2018, but we’ve gotta applaud Oculus for fixing it comparatively quickly and then issuing $15 Oculus store credit, to spend on VR software, by way of apology.

If I was A Very Bad Man I might note that this will prompt the most lucrative day in the Oculus store’s history, but obviously I wouldn’t do that.

Two wrinkles, in case you’ve got dollar signs in your strained eyes right now. Firstly, you’ll only snag the $15 credit if you used your Oculus account – i.e. gunned up the Oculus Home launcher/store software – between now and Feb 1st. So you’re not getting a freebie just because you blew the dust off your facebox for the first time in months today.

Secondly, if you were indeed a victim of #goggpocalypse, the nature of the borking is such that you need to manually patch the software with this here update, rather than letting an auto-update do it for you.

Image: ThinkGeek’s tragically out-of-stock Rebel Pilot Costume Hoodie.

13 Comments

  1. Don Reba says:

    Very generous of them to pay out what is likely hundreds, if not thousands of dollars.

    • crazyd says:

      I mean, they are Facebook. It’s a drop in the ocean.

      • zaphod42 says:

        Dude he’s making a joke about how few people own Oculus Rifts. How did you miss that?

        OBVIOUSLY facebook can afford it. Its a laughably small sum.

    • fish99 says:

      They had sold 300K units before the price drop. I wouldn’t be surprised if they’ve doubled that now. So $15 for everyone could be $9M.

  2. Premium User Badge

    Ninja Dodo says:

    You know I believe Apple actually did do something exactly like this very recently, that is letting an official certificate expire (only for developers, not customers)… this entirely aside from their profiles and certificates system being a garbage fire with burning hoops that you have to jump through to publish software on their platforms while paying an annual Developer License fee for the privilege…

    • Premium User Badge

      Ninja Dodo says:

      DRM certificates are dumb is what I’m saying.

      • crazyd says:

        They are a valuable security tool to prevent you from installing malicious code from a source that claims to be someone else. It’s not intended to limit your rights to the software, just to prevent attacks.

        • MajorLag says:

          And like so many “for security!” endeavors they ultimately cause much more trouble than they are worth.

          • crazyd says:

            That is ABSOLUTELY not true. They are invaluable, and issues like this are extremely rare.

    • AthanSpod says:

      I am somewhat puzzled as to why *code signing* would break in this manner. I thought this sort of signing included the timestamp of when it was done (as part of the signed information, so you can’t just change it to a later timestamp) and so long as the signing certificate (and chain up from there) was valid *then* it would always pass the tests at any time on or after that timestamp.

      This is unlike the certificates/signing that’s used for TLS/HTTPS, where you really do want the certificates to be valid ‘now’, as the data being protected is from ‘now’.

      So am I mistaken about how code signing is meant to work, or are Oculus just not doing it right (indeed as just another piece of stupid DRM) ?

      • AthanSpod says:

        If you trust a random comment from the The Register article about the failure:

        Enforced updates?
        Just spoke with our signing guru, and most signing tools enable time-stamping on a signature by default; this would prevent the signature expiring when the certificate expires. The signature is checked against that point in time, whereas a non-time-stamped signature checks ‘now’ against the certificate’s valid period. (Apologies if something has been lost in transmission.)

        So the expiration is from a, by choice, non-time-stamped signature.

        Now, why would a company choose for their signed software to expire?

        Because even Paris would use the defaults. – link to forums.theregister.co.uk

      • zaphod42 says:

        That is how its supposed to work. Oculus screwed up the signing. They only half-signed it so it still had to check the timestamp every time you use it, instead of if it was properly signed then it would authenticate and be good forever.

        They just did it wrong.

  3. racccoon says:

    The best VR is when your use those sleep blinders on a airplane. lol