Google begs owners of crippled Chromecasts not to hit factory reset Google's second-generation Chromecast and its Chromecast Audio are suffering a major ongoing outage, with devices failing to cast due to an expired security certificate authority. The web giant is aware of the breakdown and says a fix is in the works. On Sunday, many users of these gadgets encountered an "untrusted device" …
Some products should just run and run.
These clearly have a finate life based on Google's whim, I forget what home thermostat stopped, Sonos with their screwed updates
At least with smart TV's you can buy a cheap product to give smart features
Still have my slim devices - all these years since Logitech bought them and then seemingly instantly dropped them. Thankful for open source and dedicated devs
Just work … LOL…
Next Bond Movie …Nuclear Armageddon not averted due to a Cert expiry or darker satire due to passwords and remote controls or a password change Apple Passwords mangles and can’t remember or a failed CAPCHA over bicycles , traffic-light, buses or fucking crosswalks.
...or a failed CAPCHA over bicycles...
Oh, I see you too have dealt with the ones where it says "Select all bicycles", then shows one bicycle, with the rest being mopeds/sport bikes/choppers, and gets snippy when you try to tell it there aren't any more...
These clearly have a finate life based on Google's whim, I forget what home thermostat stopped, Sonos with their screwed updatesAt least with smart TV's you can buy a cheap product to give smart features
Ironically, this is why I bought a Chromecast...
Achilles 1: Root of trust, the public certificate authorities itself, with the big list of CAs in all our browsers and OS-es. With none of those official ones in our hand. A license to print money. (yes yes, LetsEncrypt, not viable for everything)
Achilles 2: Timed certificates. Though not directly, but lacking the ability to allow an override. Something most browsers offer, but not in all cases (yes, I am pointing the finger at you, Firefox).
This is one of those many cases where hacking the device you own should be legal, no matter what the ULA says. "Abandoned Hardware" might be the keyword. (Of course hacking other peoples "Abandoned Hardware" requires consent, else illegal.)
Speaking of Firefox - indeed, this might have been what you were alluding to, I'm not sure - I have seen very little mention here on El Reg or elsewhere of the impending timebomb that will render older versions of FF (pre-128 or 115ESR) borderline unusable after the 14th of this month. DRM playback will stop working (big whoop, all my media is de-DRM'ed) but more painfully, add-ons will suddenly stop working.
More details here: https://support.mozilla.org/en-US/kb/root-certificate-expiration?as=u&utm_source=inproduct
I am particularly irritated by this, because I've settled on v114 and disabled all updates (yeah, downvote me if you feel holier-than-thou.) I just got sick and tired of being constantly nagged to update - wait - reboot - wait - update - wait - reboot, and stepped off that treadmill. Remember when software was for the use of people, not the other way around?
If this comes across as grumpy and Luddite, well, so be it. But I am still cross at Mozilla for forcing me to update a perfectly serviceable version of FF and waste time turning off the inevitable new cruft ("we've added an AI assistant!" DON'T CARE. "we've partnered with..." DON'T CARE. "Let us show you sponsored..." yep, DON'T CARE.)
Going from FF114 to FF115ESR should not be a big ask. And you will do yourself and the wider internet a favour by using a browser which is actively patched for security vulns.
One patch every ~ 4 weeks that bring no new features and no interface changes, just security fixes sems like a nice compromise.
I write this on FireFox 128 ESR, by the way
> This is one of those many cases where hacking the device you own should be legal,
Yes. A law that says something like if the vendor stops supplying software updates, it must either open-source the code and any keys needed to update the firmware, or offer to buy back the devices for 50% of the original price.
The fix is already in place, and no one saw it coming.
Hardware license subscriptions. Pay the same price as today, but now it comes with a Terms & Conditions agreement and a defined end-of-service date. They will even include a pre-paid box to ship back the device for complimentary E-cycling. Or you can just toss it in the bin. Either way, you knew upfront that it would only be licensed until a certain date, and then it will stop working.
A company can set up its own PKI without problems, but to have the root certificate included by default in the common browsers, the PKI must conform to the rules of the "CA Browser forum", which requires short lived certificates.
I set up own PKIs at my previous employer. Some of the products are IoT gateways, and paying 100 £ for a server certificate with a very limited life time is an absolute no-no.
Previously, I tried to use commercial CAs, but my RfP: "I want to buy a million sever certificates for less than 1£ each" led nowhere.Only one CA understood the question, and offered that we could run an issuing CA unter their root CA (with the appropriate security audits and licence fees).
I’ve always thought the whole concept of the ssl “chain of trust” thing is fundamentally broken.
It’s staggering that it seems to work as well as it does but that doesn’t change the fact that it is incredibly fragile - break one link in the chain and you’re buggered.
And I’m sure I’m not alone in disliking the idea that I have to trust some faceless tech company to issue a certificate so I can prove who I am! That’s a very broken and twisted model right there
I have three of the Chromecast Audio devices and was very puzzled when they all stopped stopped working yesterday afternoon.
Nice to know that, unusually, it wasn’t something I had changed.
Now that I have retired for over 10 years I have less and less enthusiasm for sorting out technical issues.
indeed, I'm the same. I find casting to be sketchy at the best of times, sometimes some devices just won't appear, but this time it was nothing at all. It took a bit of finding out that it was Google and not me this time too. Combination of chromecast audios and both new and old gen minis, nests, whatever they want to call them these days
It took a bit of finding out that it was Google and not me this time too.
This is a big problem with Google. They supposedly have a mission statement of making all the world's data available - but when it comes to getting info on Google products, there's nothing.
When my version 1 Chromecast broke once, there was no error message to say why it wouldn't work. And no info on the Google Chromecast app installed on my phone, that could see it. So I factory reset it and reinstalled it. Still nothing. Googled for answers, it turns out Google had invented the Google Home app. The Google Chromecast app no longer worked. I mean it did work, you could launch it, see the network, see devices on the network. It just didn't do anything any more. And Google hadn't bothered to update it, put up a message, email me or in fact notify me via the Android phone the app was installed on.
So installed the Home app, and wall was smiles and roses. Until it stopped working about a year later. Again, no message, no warning, nothing in the Google Home app. Just couldn't now see the Chromecast. Factory reset, re-install, nothing. Back to searching for online help. No announcement from Google. Just forum posts that they'd stopped supporting the v1 devices. Lovely! Poor Google, couldn't afford a single server to keep them going. Too few resources, so little spare engineering time. It's no like v2 was even doing anything different. They just couldn't be arsed.
They're strangely shit at consumer electronics.
Strangely I didn't buy another Google device. I replaced by Chromecast with a Roku.
You should toss a PiHole on your network. My Roku was generating over 50% of the DNS traffic coming from my network. At all hours of the day, regardless of whether it was in use or not. What is that little thing doing???
The Roku is now in the unused tech bin. I don't trust it.
Now that I have retired for over 10 years I have less and less enthusiasm for sorting out technical issues
You don't even have to have retired to be enthusiasm-deficient.. I used to run an email server on my proxmox cluster at home for friends, family and my brothers business - now migrated to an online provider.
Ditto websites.
Only one 2U server at home now (rather than 1x2U and 2x1U) and what little online stuff I need to do is now on a R-Pi.
Just couldn't be bothered any more. Plus it was only me that knew how it all hung together and, if anything went down while I was out of comms, I'd get lots of messages when I got into comms again.
I get that enough at work, didn't need it at home.
Having just temporarily moved, I've recently had the "pleasure" of installing a cheap second-hand TV based on the Google TV platform and a Google "smart" speaker acquired from a relative. It's been the most frustrating experience I've ever had with consumer equipment. Fortunately, I'm only going to be using the TV as a display because the builtin Unusable Interface is maddeningly slow and opaque. Similarly, the Google Home app makes the potentially simple configuration of the speaker into a convoluted nightmare and I had to kill and restart the app several times as it claimed not to be connected to the speaker when it was and therefore refused to display the controls for volume or bluetooth pairing.
Had I bought either of these devices new, they'd have gone straight back. All the engineering seems to have gone into integration with the monetisation platform. The purported functionality seems to have been an afterthought.
If a speaker doesn't have an analogue connection and the TV hasn't then they are dumb!
I had to add an inline HDMI box that extracts L & R audio between TV and Home Theatre amp because no headphone socket on TV and maddeningly the headphone socket on the Yamaha Home Theatre amp (otherwise brilliant) turns off all six speakers. The previous 42" HD TV had a separately controlled headphone socket and the previous amp had a headphone socket that didn't kill the speakers.
My Rotel Stereo HiFi amp earphone socket doesn't interfere with speakers. The speakers have a switch: Off, Set 1, Sets 1+2 and Set 2.
We are going backwards on useability.
At least my two phones have 3.5mm sockets (not too old Oppo & TCL) as well as BT that work with anything. I have one set of headphones that are BT or 3.5mm jack. I also have some standalone BT adaptors for either analogue source to BT or BT to analogue destination. Battery and/or USB power.
I hate Andriod TV, where apps is higher priority than inputs or TV channels. Also designed for someone at a desk and 32"
“We are going backwards on useability”
I like the question my wife posed to me several years ago - “why is it that a lot of tech stuff is really clever but …. It’s always just a little bit shit”
And I think she was spot on.
I worked at Sony some years ago and witnessed a number of design decisions that seemed to serve no purpose other than to make the product “just a little bit shit”. And this is an in industry-wide issue - from stopping you transferring data in one particular direction on your music gadget (because that would be useful) to deliberately leaving out a really useful interface that everyone uses (because it will cost £1 to implement - on an item costing hundreds). All just to make the product “a little bit shit”
About 30c for a 3.5mm jack. Maybe less. The HW to drive it is probably there as well as there are built in speaker(s) & mic.
Ah, Net MD minidisk. Eventually they did a model where you could copy off your own recording via USB rather than analogue. Horrible stupid arrogant software. Sonic Stage? Now at least this works on Chromium. https://web.minidisc.wiki/ Tested on real Linux, Crostini Linux on Chromebook and also Chrome on Chrome OS
I hear you - I steered the wife in the direction of a Sony Pebble digital music player (ipod knockoff, c 2004), thinking, they can't really be serious that it won't play mp3 files. They could, and they were.
Everything had to be ripped - in their clunky app - to atrac.
Eventually I believe they relented and updated (hit the switch) to allow mp3, but by that time what was a beautiful little device was drawerware, gathering dust and replaced by something that just worked.
aben0c4,
All the engineering seems to have gone into integration with the monetisation platform. The purported functionality seems to have been an afterthought.
Clearly Google can do it. Android is very functional. Of course, it has its annoyances, but what OS doesn't.
But in my previous days of being a Chromecast owner it was very easy to use, when the bugger worked. But then you got zero information when it didn't.
I was fixing someone's laptop for them the other day, and got an error from Microsoft Outlook - the thing that used to be called Outlook Express rather than the thing that is currently also called Outlook, but which MS wish to replace with Outlook NEW... I got a message saying, "an error has occured. Please try again later." Thanks! To be fair to MS though, most of their error messages have an error code you can look up, even if the error itself is not very descriptive. Google's stuff doesn't even seem to give error messages. You press a button and either something happens, or it doesn't. After that, you're on your own.
As I have moaned about above (and probably on El Reg previously (sorry)) - even when Google replaced the Chromecast app with the Home app (after they'd bought Nest and wanted all the IoT in one place) they didn't turn off the Chromecast app. It just stopped working, and gave no error messages. It could see the devices, it just refused to talk to them. And only searching online told you this was the case and you needed to download a new app.
I alwasy assumed that Apple kit was bad with error messages, because Apple couldn't conceive of (or at least admit) that something might not be working. So there was very little info online on how to fix problems, and not much support from the kit itself. Microsoft give better infromation, possibly because they're used to their stuff breaking. I'm guessing Google, like Apple, think their own farts smell of perfume.
Apple couldn't conceive of (or at least admit) that something might not be working. So there was very little info online on how to fix problems, and not much support from the kit itself.
...thus forcing you to take the recalcitrant iThing into an Apple Store and pay the "geniuses" lots of money to resolve said problem.
The thing about error messages is that unless they're helpful, you might as well not bother. For them to be helpful, you have to put in some thought - and you may even have to provide some documentation, or worse still some troubleshooting diagnostics - where the error might have complex causes. So it's easier not to bother.
Just bring your borked device in store for a free replacement to the latest tech.
Several times I've been told by some phone rep to take my defective device to their authorized repair facility on the other side of the continent... When I explain that's impossible, they are usually dumbfounded... "But you're in the U.S.A. aren't you?"
Yes, I am... Please excuse me while I pull my hovercraft out of the garage, so I can start my 2 week drive from Hawaii to New York to drop off this TV for you.
When I ask if it can be mailed in, they often say something like "I guess you could, but that would cost you a lot..."
I find calling back the next day, I usually reach someone with a clue, and get a prepaid return label first thing, without asking.
Call it phone support roulette. Will I get a a quick and helpful response, or thrust into a topsy-turvy Sisyphean dystopia?
smells like inbuilt obsolescence myself, where they hoping older devices would be dead and in landfill by now. a security certificate that runs for 10 years. Still 10 years is better than later Amazon Kindle fires which die after a few days out of warranty yet Amazon dont want to know its out of warranrty !!!!!!
https://en.wikipedia.org/wiki/Hanlon's_razor
What’s the chances that someone in the dim and distant past, purchased a certificate with their own credit card, expensed it, so all good, but has now long since left, or is actually dead?
I’ve seen this happen time after time, no reason to assume that a massive, global company would be immune to this.
Some professional IoT devices are delivered with certificates that never expire.
The customer would be very upset if he loses the connection to his process controllers or smart meters because he forgot to renew the certificates.
More adventurous users still can replace the certificates with something short lived.
"..... the internet titan added, "Do not factory reset your device - we will keep you all updated when the fix rolls ou"
When this happened to me the advice they gave in the link provided in the error message was to "FACTORY RESET"
I fear they have bricked it.
This post has been deleted by its author
They shut down the server and a factory reset would then brick them.
1. A Factory reset should ALWAYS work without the Internet.
2. Products should state on box and /!\ warning label on product (not on a cable) if a device depends on a server that might shut down.
3. Don't buy anything that does local stuff and depends on someone's Internet server (thermostat, doorbell, weather station, smoke alarm). The basic important functionality should work without internet or remote servers.
4. IoT products should have a public API so that you can put your own server (like email, web, FTP has) at home/office or remotely.
5.The password on your own gadget should be user settable without Internet, 2FA, or email.
6. Factory rest on Android can now lock you out of phone / tablet if you don't delete the Google Android account first! Even a reboot can if non-Google keyboard and text password is set. This is security gone wrong!
because when we wanted our own device, there were no other options available. The Amazon product is pretty self-reliant to connect to a wifi network and to decode any streams, and you can interface to it with its own remote and your TV. Pretty straightforward.
We learned about smart products with Chromecast, worst of all. No problems so far, either.
Don't trust amazon gadgets, they chat quietly with each other (and some other manufacturers gadgets) and share wi-fi passwords around. I was trying a VPN router at a friends house so she could watch american netfux, i entered the new wifi password into the firestick, and it mostly worked. After removing the VPN router, the samsung telly lost network connection, despite never changing the wifi on that. And it can only remember 1 wifi password at a time, awesome job samsung.
I don't buy this shit but nobody else really gives a fuck, which is why the world is screwed.
People thought globalisation would make goods cheaper, what it has done is to devalue them.
This post has been deleted by its author
Yes, that is what you agreed on the EULA. Season 15, Episode 2, April 2011.
I nearly bought a Chromecast audio. I only did not when I learned that Google were so desperate for data that the device would not work locally without an internet connection to call home. That was the beginning of the end of my relationship with Google. Not that the alternative QED uPlay Stream was supported for very long,..
And in 2021, Let's Encrypt let a root certificate lapse, disrupting major websites and services for devices that hadn't been updated.
This is false. The only things that broke were a handful of (mostly unmaintained) websites and one obscure BSD variant.
Let's Encrypt had done everything in their power to minimise the disruption, they were completely transparent throughout and provided clear guidance for administrators on how to deal with this long in advance.
TEMPORARY FIX FOR CHROMECAST CERTIFICATE EXPIRATION since Google is slow and incompetent and forgot to renew the certificate for Gen2 Chromecast and older!!!
***IF YOU HAD FACTORY RESET YOUR CHROMECAST and are having problems resetting up the Chromecast (Home App can't connect) ***You must follow these steps first before you fix your casting!!!
If you had unfortunately factory reset your Chromecast during this issue, go to your phone Date&Time settings and turn off automatic date set, manually change the date to March 7, 2025. Now try to set up the Chromecast again and it should work again.
If you didn't factory reset, Just proceed to the casting fix,
Fix casting from Android (GUI method)
Download and install this Activity Manager app. I am not affiliated with it, but it's open source and seems to work as advertised. Note that you can download an APK directly from that page—you don't need to install F-Droid if you don't want to.
Launch the app and select "Intent launcher" from the dropdown in the upper right.
Tap the edit icon next to "Action" and paste in
com.google.android.gms.cast.settings.CastSettingsCollapsingDebugAction
Leave all other fields blank.
***On Android 11 and below, use
CastSettingsDebugAction
instead of CastSettingsCollapsingDebugAction.
4. Tap the checkmark in the lower right.
5. In the settings popup panels that pops up, scroll down to "Connection" and click to enable "Bypass Device Auth".
I was one of those who hit "factory reset" but it has not been a problem for me as my Chromecast hasreceived the fix and is now working.
The way I overcame the problem was to switch off the Chromecast with its half-completed factory reset, temporarily reset the date on my device (Samsung phone) back to 8 March and repeat the factory reset on the Chromecast. It seemed to work (I got the screensaver pictures on the TV screen) and Google Home showed the newly set up device.
I left the Chromecast powered on and, this morning, it is now working again.
So it does not sound to me as though those who did a factory reset have anything to worry about: a bit of a storm in a tea-cup.
The Register 
Biting the hand that feeds IT
Copyright. All rights reserved © 1998–2025
