See, e.g. theverge.com/circuitbreaker…
By "technology certificate license" they almost certainly mean *an SSL certificate*. That's all. Nothing fancy. Just an SSL cert.
It included this explanation:
Because this device phones home from time to time, probably at least every time it boots, probably to download its configuration from Logitech.
But at any rate, when the cert expires next March, all these devices will at the very least become unable to be reconfigured (almost certainly), and at worst will actually stop working entirely (less likely).
Well, they can. But guess what? THE CERT IS USING SHA-1
Two possible reasons:
i.e. someone told them that using SHA-1 would be insecure and responsible.
This is crap, but it's crap that everyone believes these days. But never mind that.
"Hey, we need to renew the cert again. Remember, it has to be SHA-1."
"Ugh, what a pain."
"I hate this whole product line. Can't we just retire it?"
"... sure. Let's do it when the cert expires."
"Not that many of them. And it's not like they're paying us, it's a free service. And they've already gotten a bunch of years out of it, and it's only a one-year warranty in the first place."
"Okay. Let's do it."
Why not just get a SHA-256 cert instead?
The code base is ugly.
The infrastructure keeps failing.
Everyone who knows how it works quit or was fired.
1) Logitech isn't bricking these devices. They're simply refusing to do the work required on THEIR part to prevent the devices from automatically bricking themselves every year or so.
Or rather, the cost of the MAINTENANCE of this infrastructure.
I am not. Even if I am right about what Logitech is doing and why they are doing it, what they are doing is still wrong.