Here is my guess about what's going on with the Logitech Harmony Link fiasco:
The story so far: Logitech is bricking an older device that lots of people use and which is working just fine.
See, e.g. theverge.com/circuitbreaker…
See, e.g. theverge.com/circuitbreaker…
Ignore for the moment the whole customer satisfaction / company PR aspect of the story. I'm just going to dig into the technology and explain WHY this is happening.
The company first said: "On March 16th, 2018, Logitech will discontinue service and support for Harmony Link. Your Harmony Link will no longer function after this date"
People think this means they're bricking it, and that's kind of true... but they're bricking it *passively*, not *actively*. Read on to understand why.
A rep later explained: "There is a technology certificate license that will expire next March. The certificate will not be renewed as we are focusing resources on our current app-based remote, the Harmony Hub."
This is an incompetent translation of what an internal engineer told some externally-facing rep or manager.
By "technology certificate license" they almost certainly mean *an SSL certificate*. That's all. Nothing fancy. Just an SSL cert.
By "technology certificate license" they almost certainly mean *an SSL certificate*. That's all. Nothing fancy. Just an SSL cert.
Most recently, the company put out an official response, where they're addressing the PR nightmare by giving everyone the new product for free.
It included this explanation:
It included this explanation:
So here you see "technology license certificate" has been replaced by "encryption certificate", i.e. an SSL cert.
So why is it going to stop working when the cert expires?
Because this device phones home from time to time, probably at least every time it boots, probably to download its configuration from Logitech.
Because this device phones home from time to time, probably at least every time it boots, probably to download its configuration from Logitech.
You see, one of the features of the Harmony series is that you configure *your* device using *Logitech's* website. It stores your device's config there and the device downloads it.
This download is over HTTPS, secured with a certificate. If the certificate is not valid, the download is aborted. What happens next I'm not sure of - probably the device simply continues to use its previous configuration.
... but it's possible it will fail to operate at all. Not sure.
But at any rate, when the cert expires next March, all these devices will at the very least become unable to be reconfigured (almost certainly), and at worst will actually stop working entirely (less likely).
But at any rate, when the cert expires next March, all these devices will at the very least become unable to be reconfigured (almost certainly), and at worst will actually stop working entirely (less likely).
Okay, so, why can't Logitech just renew the cert?
Well, they can. But guess what? THE CERT IS USING SHA-1
Well, they can. But guess what? THE CERT IS USING SHA-1
(I don't know this for sure, but this is my VERY strong hunch, because reasons)
SHA-1 certs are difficult to renew these days. There's basically only one company that will still issue them any more.
Well, fine, so why don't they just do that?
Two possible reasons:
Two possible reasons:
Number one: like they said in their FAQ: "we would be acting irresponsibly by continuing the service knowing its potential/future vulnerability"
i.e. someone told them that using SHA-1 would be insecure and responsible.
i.e. someone told them that using SHA-1 would be insecure and responsible.
(*irresponsible)
This is crap, but it's crap that everyone believes these days. But never mind that.
This is crap, but it's crap that everyone believes these days. But never mind that.
Number two - it is entirely conceivable that the trusted roots which are hard-coded into the device firmware do not include the one trusted root still willing to issue SHA-1 certificates.
Reason numbers three through infinity have to do with business decisions about not wanting to support old products any more.
The people who developed it originally have all quit or been fired, the code base is ugly, the infrastructure for configuring the devices over the web and deploying the configurations is unstable and keeps breaking, etc etc etc.
In this scenario, this conversation happened:
"Hey, we need to renew the cert again. Remember, it has to be SHA-1."
"Ugh, what a pain."
"I hate this whole product line. Can't we just retire it?"
"... sure. Let's do it when the cert expires."
"Hey, we need to renew the cert again. Remember, it has to be SHA-1."
"Ugh, what a pain."
"I hate this whole product line. Can't we just retire it?"
"... sure. Let's do it when the cert expires."
"We still have customers using the product."
"Not that many of them. And it's not like they're paying us, it's a free service. And they've already gotten a bunch of years out of it, and it's only a one-year warranty in the first place."
"Okay. Let's do it."
"Not that many of them. And it's not like they're paying us, it's a free service. And they've already gotten a bunch of years out of it, and it's only a one-year warranty in the first place."
"Okay. Let's do it."
I GUARANTEE that conversation happened.
Okay, so if it's breaking because the SSL cert is expiring, and the cert isn't getting renewed because it's a SHA-1 cert...
Why not just get a SHA-256 cert instead?
Why not just get a SHA-256 cert instead?
Because the SHA-1 requirement is HARD-CODED in the FIRMWARE.
Jeez, okay, fine. Then why not update the firmware?
BECAUSE THIS PRODUCT IS SIX YEARS OLD.
The code base is ugly.
The infrastructure keeps failing.
Everyone who knows how it works quit or was fired.
The code base is ugly.
The infrastructure keeps failing.
Everyone who knows how it works quit or was fired.
It's entirely possible that this device doesn't even HAVE the ability for Logitech to remotely update the firmware. It might be the case that they'd have to tell their customers how to do it themselves.
This is a huge investment in internal testing and troubleshooting BEFORE releasing it to customers, and a huge support effort AFTERWARDS when things don't work right.
Yet another reason for that conversation to have happened.
Bottom lines:
1) Logitech isn't bricking these devices. They're simply refusing to do the work required on THEIR part to prevent the devices from automatically bricking themselves every year or so.
1) Logitech isn't bricking these devices. They're simply refusing to do the work required on THEIR part to prevent the devices from automatically bricking themselves every year or so.
2) Logitech is allowing the devices to brick themselves next March because the otherwise simple task of renewing an SSL certificate is a MONEY-LOSING business proposition.
... not because of the cost of the certificate, mind you. That's a few hundred bucks.
... but rather, because of the cost of the infrastructure necessary to make all the various pieces of this work.
Or rather, the cost of the MAINTENANCE of this infrastructure.
Or rather, the cost of the MAINTENANCE of this infrastructure.
... and very specifically, the cost of maintenance of LEGACY infrastructure: legacy code, legacy systems, legacy operational procedures.
Stuff that nobody knows how to do any more. Because it wasn't very good to start with, and everyone who worked on it is gone, and they have something newer and better that they're working on now.
All this over one certificate. A trivial thing.
This is why we can't have nice stuff. At least, not if the nice stuff is more than five years old.
/fin
/fin
Addendum - I just learned that someone might read this thread and think that I am defending, excusing, or apologizing for Logitech.
I am not. Even if I am right about what Logitech is doing and why they are doing it, what they are doing is still wrong.
I am not. Even if I am right about what Logitech is doing and why they are doing it, what they are doing is still wrong.
• • •
Missing some Tweet in this thread? You can try to
force a refresh
