It's not a false positive because it's broken, though. It's a false positive because it's working as intended and the host is simply violating the rules. It's weird that a site would opt-in to a feature like this, use it incorrectly, and then when the browser correctly rejects it, you would get mad at the browser. Nobody was actually forced to use HSTS here, and there's also no good reason for a TLS certificate to be expired either; in production, this is an incident no matter what.
The browser really isn't treating you as stupid, it's telling you "this is a serious security issue, if you really want to bypass this, you're on your own." You absolutely can, using flags in chromium or config in Firefox, or sometimes by clearing the HSTS cache in either. The benefit of this is that it ensures users who don't know better, the majority, don't stumble into an attack in the most critical situations, and it as well makes it significantly harder for developers and malicious attackers alike to try to convince end users to wrongly bypass security features, a problem that plagued early web browsers which had much worse UX around TLS. Even though it can be annoying, it's helpful to all of us, because the security posture of those around you naturally impact your own security posture, too.
This is all especially reasonable because HSTS is opt-in from the host's perspective. You're supposed to use it when you'd absolutely rather have false positives than not catch an attack.
This particular point doesn't have much to do with old technology, but I honestly don't think most developers set out to just break old tech. I agree that it is a shame the degree of churn we go through, but even if you have a super valid reason to absolutely need to use old technology, it's still not a good argument for the rest of the world to hold off on improving security, privacy and performance by holding back TLS upgrades or continuing to include and debug polyfills for all of eternity. If you really absolutely can't make TLS work for you, nothing is stopping you from running an SSL stripping proxy in the middle. Works pretty well for me.
Hopefully in the future the churn of technology will slow down and computers will last longer, but we're literally still near the beginning of the computing revolution, and the computers from 20 years ago are probably a much more enormous delta from today than the computers 20 years from today will be. (And even if a breakthrough proves this untrue, it still seems unlikely that today's boxes will become useless, with how much compute they pack.) And yet despite that, Linux is still dutifully supporting processors as old as 486, even though it's not really that important to be running the latest kernel on a machine that old. That's pretty good, and even if browser updates are difficult on machines that old, I have little doubt that some people will be maintaining them all the way to the 2038 problem where it will get much harder.
The browser really isn't treating you as stupid, it's telling you "this is a serious security issue, if you really want to bypass this, you're on your own." You absolutely can, using flags in chromium or config in Firefox, or sometimes by clearing the HSTS cache in either. The benefit of this is that it ensures users who don't know better, the majority, don't stumble into an attack in the most critical situations, and it as well makes it significantly harder for developers and malicious attackers alike to try to convince end users to wrongly bypass security features, a problem that plagued early web browsers which had much worse UX around TLS. Even though it can be annoying, it's helpful to all of us, because the security posture of those around you naturally impact your own security posture, too.
This is all especially reasonable because HSTS is opt-in from the host's perspective. You're supposed to use it when you'd absolutely rather have false positives than not catch an attack.
This particular point doesn't have much to do with old technology, but I honestly don't think most developers set out to just break old tech. I agree that it is a shame the degree of churn we go through, but even if you have a super valid reason to absolutely need to use old technology, it's still not a good argument for the rest of the world to hold off on improving security, privacy and performance by holding back TLS upgrades or continuing to include and debug polyfills for all of eternity. If you really absolutely can't make TLS work for you, nothing is stopping you from running an SSL stripping proxy in the middle. Works pretty well for me.
Hopefully in the future the churn of technology will slow down and computers will last longer, but we're literally still near the beginning of the computing revolution, and the computers from 20 years ago are probably a much more enormous delta from today than the computers 20 years from today will be. (And even if a breakthrough proves this untrue, it still seems unlikely that today's boxes will become useless, with how much compute they pack.) And yet despite that, Linux is still dutifully supporting processors as old as 486, even though it's not really that important to be running the latest kernel on a machine that old. That's pretty good, and even if browser updates are difficult on machines that old, I have little doubt that some people will be maintaining them all the way to the 2038 problem where it will get much harder.