soyagi

joined 1 year ago
 

Archived version: https://archive.ph/KYO3X

On Thursday, two more lawsuits were filed against Western Digital over its SanDisk Extreme series and My Passport portable SSDs. That brings the number of class-action complaints filed against Western Digital to three in two days.

In May, Ars Technica reported about customer complaints that claimed SanDisk Extreme SSDs were abruptly wiping data and becoming unmountable. Ars senior editor Lee Hutchinson also experienced this problem with two Extreme SSDs. Western Digital, which owns SanDisk, released a firmware update in late May, saying that currently shipping products weren't impacted. But the company didn't mention customer complaints of lost data, only that drives could "unexpectedly disconnect from a computer."

Further, last week The Verge claimed a replacement drive it received after the firmware update still wiped its data and became unreadable, and there are some complaints on Reddit pointing to recent problems with Extreme drives.

All three cases (one, two, and three) filed against Western Digital this week seek class-action certification (Ars was told it can take years for a judge to officially state certification and that cases may proceed with class-wide resolutions possibly occurring before official certification). Ian Sloss, one of the lawyers representing Matthew Perrin and Brian Bayerl in a complaint filed yesterday, told Ars he doesn't believe class-action certification will be a major barrier in a case "where there is a common defect in the firmware that is consistent in all devices." He added that defect cases are "ripe for class treatment."

Familiar stories

Both complaints filed yesterday reference Lee's ordeal and Ars' reporting on the matter, and they share new accounts that sound similar to complaints we've seen reported online.

Perrin and Bayerl's complaint says Perrin bought "at least" eight SanDisk Extreme SSDs off Amazon, including 2TB and 4TB Extreme and 4TB Extreme Pro models, and that Perrin "lost all data stored on several SanDisk SSDs."

Similarly, Bayerl reportedly bought "at least two" Extreme SSDs, including a 4TB Extreme, off Amazon. The complaint claims the drives still had busted firmware:

Plaintiff Bayerl has experienced the failure of two drives within minutes of each other and is now reluctant to use SanDisk Extreme products. Due to the nature of his work and the data on the devices, Plaintiff Bayerl spent nearly $8,000 on only partially successful efforts to retrieve the data from the failed drives through various data recovery third parties. These efforts also determined that the issue was caused by faulty internal firmware on the drives.

Perrin and Bayerl's complaint mentions the 2TB Extreme, which Western Digital hasn't officially confirmed as an affected device. A separate complaint filed on Wednesday mentions the 500GB and 1TB Extreme-series and My Passport models, which Western Digital hasn't said are affected.

Here are the drives Western Digital has said are affected:

  • SanDisk Extreme Portable 4TB (SDSSDE61-4T00)
  • SanDisk Extreme Pro Portable 4TB (SDSSDE81-4T00)
  • SanDisk Extreme Pro Portable 2TB (SDSSDE81-2T00)
  • SanDisk Extreme Pro Portable 1TB (SDSSDE81-1T00)
  • Western Digital My Passport 4TB (WDBAGF0040BGY).

Perrin and Bayerl's complaint says that "the now-known issues with the defective SanDisk SSDs and significant risk of permanent data loss, has rendered the SanDisk SSDs worthless to individuals seeking reliable data storage."

"Worthless" is also used in the complaint filed Wednesday by Nathan Krum. The complaint filed Thursday on behalf of Saif Jafri also dubbed drives Western Digital named in its firmware update page, as well as the SanDisk Pro-G40 (PetaPixel recently claimed this drive broke after less than a month, but Ars has been unable to determine if the drive has a widespread problem), as "worthless."

Jafri's complaint says he bought an Extreme Pro (capacity not specified) because he was on an extended van trip and needed storage for drone footage, photos, and travel mementos. The drive reportedly "failed only a few weeks after" purchase.

"He had written data to the Drive no more than a handful of times, yet he nonetheless lost precious personal data," the complaint says.

The complaints also note that Western Digital's 30-day return and five-year warranty policies don't remedy lost data. The cases seek restitution, including damages, and for Western Digital to stop selling the affected drives until they're fixed or the problems are fully disclosed on all labels, packaging, and advertising.

Sloss told Ars that challenges of the case might include establishing how frequently drives failed after Western Digital shared its May firmware update.

"We believe the case is strong, that Western Digital’s response to the issue has been delayed, inadequate, and incomplete, and we believe people are continuing to purchase defective SSDs based on misleading information Western Digital has provided," Sloss said.

Sloss said that firms frequently agree to prosecute similar cases together, with one firm leading. He believes there could be even more law firms investigating claims that may file complaints against Western Digital.

Western Digital told Ars yesterday that it "does not comment on pending litigation."

 

Archived version: https://archive.ph/9WPwx

The Sotheby's auction house has been named as a defendant in a lawsuit filed by investors who regret buying Bored Ape Yacht Club NFTs that sold for highly inflated prices during the NFT craze in 2021. A Sotheby's auction duped investors by giving the Bored Ape NFTs "an air of legitimacy... to generate investors' interest and hype around the Bored Ape brand," the class-action lawsuit claims.

The boost to Bored Ape NFT prices provided by the auction "was rooted in deception," said the lawsuit filed in US District Court for the Central District of California. It wasn't revealed at the time of the auction that the buyer was the now-disgraced FTX, the lawsuit said.

"Sotheby's representations that the undisclosed buyer was a 'traditional' collector had misleadingly created the impression that the market for BAYC NFTs had crossed over to a mainstream audience," the lawsuit claimed. Lawsuit plaintiffs say that harmed investors bought the NFTs "with a reasonable expectation of profit from owning them."

Sotheby's sold a lot of 101 Bored Ape NFTs for $24.4 million at its "Ape In!" auction in September 2021, well above the pre-auction estimates of $12 million to $18 million. That's an average price of over $241,000, but Bored Ape NFTs now sell for a floor price of about $50,000 worth of ether cryptocrurrency, according to CoinGecko data accessed today.

Investors previously sued Bored Ape creator Yuga Labs, four company executives, and various celebrity promoters including Paris Hilton, Gwyneth Paltrow, Kevin Hart, Snoop Dogg, Serena Williams, Madonna, Jimmy Fallon, Steph Curry, and Justin Bieber. The original class-action was filed in December 2022, and Sotheby's was added as a defendant in an amended complaint submitted on August 4.

Yuga describes its collection of 10,000 Bored Ape NFTs as "unique digital collectibles living on the Ethereum blockchain" that double as a "Yacht Club membership card." The website has some "members-only" areas. "When you buy a Bored Ape, you're not simply buying an avatar or a provably rare piece of art," the NFT collection's website says. "You are gaining membership access to a club whose benefits and offerings will increase over time. Your Bored Ape can serve as your digital identity, and open digital doors for you."

Lawsuit: Yuga “colluded” with Sotheby’s

The amended lawsuit alleges that "Yuga colluded with fine arts broker, Defendant Sotheby's, to run a deceptive auction." After the sale, a Sotheby's representative described the winning bidder during a Twitter Spaces event as a "traditional" collector, the lawsuit said.

The lawsuit said it turned out the auction buyer was now-bankrupt crypto exchange FTX, whose founder Sam Bankman-Fried is in jail awaiting trial on criminal charges. Ethereum blockchain transaction data shows that after the auction, "Sotheby's transferred the lot of BAYC NFTs to wallet address 0xf8e0C93Fd48B4C34A4194d3AF436b13032E641F3,77 which, upon information and belief, is owned/controlled by FTX," the complaint said. Speculation that FTX was the buyer had been percolating since at least January 2023.

The lawsuit alleges that Yuga Labs and Sotheby's violated the California Unfair Competition Law, the California Corporate Securities Law, the US Securities Exchange Act, and the California Corporations Code. The plaintiffs also claim that Sotheby's Metaverse, an NFT trading platform opened after the auction, "operated (or attempted to operate) as an unregistered broker of securities."

"FTX has several deep ties to Yuga such that it would be mutually beneficial for both Yuga and FTX (as well as Sotheby's) if the BAYC NFT collection were to rise in price and trading volume activity. Upon information and belief, given the extensive financial interests shared by Yuga, Sotheby's and FTX, each knew that FTX was the real buyer of the lot of BAYC NFTs at the Sotheby's auction at the time that Sotheby's representatives were publicly representing that a 'traditional' buyer had made the purchase," the lawsuit said. FTX is not named as a defendant.

Ape prices soared, then plummeted

After the auction, the price of Bored Ape digital assets hit a new high and kept rising for months. It peaked at over $420,000 in April 2022 but plummeted to about $90,000 six weeks later, according to CoinGecko.

The class action lawsuit's named plaintiffs are Johnny Johnson, Ezra Boekweg, Mario Palombini, and Adam Titcher. They are trying to get certification of a class consisting of "all investors who purchased Yuga's non-fungible tokens ('NFTs') or ApeCoin tokens ('ApeCoin') between April 23, 2021 and the present." There were over 103,000 account holders of Yuga securities as of December 1, 2022, the lawsuit said.

"While the Executive Defendants made hundreds of millions of dollars, investors were left with NFTs worth a fraction of their artificially inflated value," the original version of the complaint in December said.

Yuga and other defendants have a September 12 deadline to file motions to dismiss the complaint. Sotheby's told CNN this week that the "allegations in this suit are baseless, and Sotheby's is prepared to vigorously defend itself." Yuga Labs similarly called the allegations "completely without merit or factual basis."

 

Archived version: https://archive.ph/9WPwx

The Sotheby's auction house has been named as a defendant in a lawsuit filed by investors who regret buying Bored Ape Yacht Club NFTs that sold for highly inflated prices during the NFT craze in 2021. A Sotheby's auction duped investors by giving the Bored Ape NFTs "an air of legitimacy... to generate investors' interest and hype around the Bored Ape brand," the class-action lawsuit claims.

The boost to Bored Ape NFT prices provided by the auction "was rooted in deception," said the lawsuit filed in US District Court for the Central District of California. It wasn't revealed at the time of the auction that the buyer was the now-disgraced FTX, the lawsuit said.

"Sotheby's representations that the undisclosed buyer was a 'traditional' collector had misleadingly created the impression that the market for BAYC NFTs had crossed over to a mainstream audience," the lawsuit claimed. Lawsuit plaintiffs say that harmed investors bought the NFTs "with a reasonable expectation of profit from owning them."

Sotheby's sold a lot of 101 Bored Ape NFTs for $24.4 million at its "Ape In!" auction in September 2021, well above the pre-auction estimates of $12 million to $18 million. That's an average price of over $241,000, but Bored Ape NFTs now sell for a floor price of about $50,000 worth of ether cryptocrurrency, according to CoinGecko data accessed today.

Investors previously sued Bored Ape creator Yuga Labs, four company executives, and various celebrity promoters including Paris Hilton, Gwyneth Paltrow, Kevin Hart, Snoop Dogg, Serena Williams, Madonna, Jimmy Fallon, Steph Curry, and Justin Bieber. The original class-action was filed in December 2022, and Sotheby's was added as a defendant in an amended complaint submitted on August 4.

Yuga describes its collection of 10,000 Bored Ape NFTs as "unique digital collectibles living on the Ethereum blockchain" that double as a "Yacht Club membership card." The website has some "members-only" areas. "When you buy a Bored Ape, you're not simply buying an avatar or a provably rare piece of art," the NFT collection's website says. "You are gaining membership access to a club whose benefits and offerings will increase over time. Your Bored Ape can serve as your digital identity, and open digital doors for you."

Lawsuit: Yuga “colluded” with Sotheby’s

The amended lawsuit alleges that "Yuga colluded with fine arts broker, Defendant Sotheby's, to run a deceptive auction." After the sale, a Sotheby's representative described the winning bidder during a Twitter Spaces event as a "traditional" collector, the lawsuit said.

The lawsuit said it turned out the auction buyer was now-bankrupt crypto exchange FTX, whose founder Sam Bankman-Fried is in jail awaiting trial on criminal charges. Ethereum blockchain transaction data shows that after the auction, "Sotheby's transferred the lot of BAYC NFTs to wallet address 0xf8e0C93Fd48B4C34A4194d3AF436b13032E641F3,77 which, upon information and belief, is owned/controlled by FTX," the complaint said. Speculation that FTX was the buyer had been percolating since at least January 2023.

The lawsuit alleges that Yuga Labs and Sotheby's violated the California Unfair Competition Law, the California Corporate Securities Law, the US Securities Exchange Act, and the California Corporations Code. The plaintiffs also claim that Sotheby's Metaverse, an NFT trading platform opened after the auction, "operated (or attempted to operate) as an unregistered broker of securities."

"FTX has several deep ties to Yuga such that it would be mutually beneficial for both Yuga and FTX (as well as Sotheby's) if the BAYC NFT collection were to rise in price and trading volume activity. Upon information and belief, given the extensive financial interests shared by Yuga, Sotheby's and FTX, each knew that FTX was the real buyer of the lot of BAYC NFTs at the Sotheby's auction at the time that Sotheby's representatives were publicly representing that a 'traditional' buyer had made the purchase," the lawsuit said. FTX is not named as a defendant.

Ape prices soared, then plummeted

After the auction, the price of Bored Ape digital assets hit a new high and kept rising for months. It peaked at over $420,000 in April 2022 but plummeted to about $90,000 six weeks later, according to CoinGecko.

The class action lawsuit's named plaintiffs are Johnny Johnson, Ezra Boekweg, Mario Palombini, and Adam Titcher. They are trying to get certification of a class consisting of "all investors who purchased Yuga's non-fungible tokens ('NFTs') or ApeCoin tokens ('ApeCoin') between April 23, 2021 and the present." There were over 103,000 account holders of Yuga securities as of December 1, 2022, the lawsuit said.

"While the Executive Defendants made hundreds of millions of dollars, investors were left with NFTs worth a fraction of their artificially inflated value," the original version of the complaint in December said.

Yuga and other defendants have a September 12 deadline to file motions to dismiss the complaint. Sotheby's told CNN this week that the "allegations in this suit are baseless, and Sotheby's is prepared to vigorously defend itself." Yuga Labs similarly called the allegations "completely without merit or factual basis."

 

Matthieu Ricard is an ordained Buddhist monk and an internationally best-selling author of books about altruism, animal rights, happiness and wisdom. His humanitarian efforts led to his homeland’s awarding him the French National Order of Merit. (Ricard’s primary residence is a Nepalese monastery.) He was the Dalai Lama’s French interpreter and holds a Ph.D in cellular genetics. In the early 2000s, researchers at the University of Wisconsin found that Ricard’s brain produced gamma waves — which have been linked to learning, attention and memory — at such pronounced levels that the media named him “the world’s happiest man.”

 

Archived version: https://archive.ph/IltyK

Joshua Hunt, 32, denies two Public Order Act charges of intentional harassment, alarm, or distress in relation to incidents allegedly committed on May 7 and May 9 in the Bleadon and Cleeve areas of Somerset.

Hunt, of Claverham, Somerset, was ordered to not "crawl, wriggle or writhe on the ground wearing a full-body covering or mask" or visit the areas where the offences are alleged to have taken place at an earlier hearing.

Previous hearings have heard that female motorists driving at night reported to the police seeing a man in a black costume.

At a pre-trial hearing today, District Judge Angela Brereton fixed Hunt's trial for a half-day at Bristol Magistrates' Court on October 27.

Hunt was released on unconditional bail until his trial.

Hunt is also separately charged with one count of affray and one count of possession of a bladed article in Bleadon, near Weston-super-Mare, on May 9.

The 31-year-old is also accused of affray in relation to an incident there two days earlier and is also charged with outraging public decency in Cleeve on October 25 last year.

Hunt had previously been due to stand trial at Bristol Crown Court in November for a different charge.

 

Archived version: https://archive.ph/rzWwd

The future for Wilko’s 12,500 staff hung in the balance on Thursday as they waited to hear whether a serious bidder for the budget retail chain had emerged.

Interested parties in the household goods retailer, which has 400 stores, had until Wednesday night to put forward their best offers for the company that called in administrators last week as it faced running out of cash.

It is expected that dozens, if not hundreds, of Wilko stores will have to close because a bid for the whole group as a going concern is unlikely to have been made, say industry insiders.

However, the full chain is expected to continue to trade into next week as talks on parcelling up the group’s assets are expected to drag on. Administrators are negotiating with potential suitors, including Poundland, B&M, Primark and Home Bargains, for groups of up to 50 stores each.

Bidders that could potentially rescue the Wilko brand include Hilco, which holds £40m of the chain’s debt, the Bensons for Beds owner, Alteri, and the Laura Ashley owner, Gordon Brothers, although it is not clear if any put forward a formal bid.

The GMB union, which represents thousands of workers at Wilko, said it still believed there was a chance of a rescue deal.

Andy Prendergast, the union’s national secretary, said: “GMB is in talks with administrators and there is still hope.”

The union has accused the firm’s management of allowing the retailer to lose its place in the market by failing to invest in technology for home shopping and other improvements while “much-needed cash was taken out of the business” by the owning Wilkinson family.

The GMB said: “We are seeking clarification regarding pensions, but have concerns. The Wilkinson family took tens of millions from the business in the decade up to the collapse. If they were serious about supporting working people, they should have invested in their staff.”

The family paid themselves £3m in dividends in the 12 months to the end of February 2022 despite a loss-making year for the Wilko group, as first revealed by the Guardian.

The last reported deficit for the group’s defined benefit pension fund was £16m, but the fund has a £20m security over Wilko property assets. John Ralfe, a pensions expert, believes the hole in the fund is likely to have closed because of the rise in interest rates.

Wilko customers expressed anger about difficulties in getting information on refunds and deliveries after the group’s helpline and chat service shut down last week.

The customer helpline reopened this week, but was overwhelmed with queries from shoppers seeking a refund or information about held-up deliveries.

 

Do you sometimes get frustrated at how slow your computer's operating system can be? Now is your chance to prove that you could do a better job!

Behold the nerdiest game ever, in which YOU are the operating system! As such, you have to manage the computer's processes, memory and input/output events, and try not to get rebooted by an impatient user. Good luck!

 

Do you sometimes get frustrated at how slow your computer's operating system can be? Now is your chance to prove that you could do a better job!

Behold the nerdiest game ever, in which YOU are the operating system! As such, you have to manage the computer's processes, memory and input/output events, and try not to get rebooted by an impatient user. Good luck!

 

Do you sometimes get frustrated at how slow your computer's operating system can be? Now is your chance to prove that you could do a better job!

Behold the nerdiest game ever, in which YOU are the operating system! As such, you have to manage the computer's processes, memory and input/output events, and try not to get rebooted by an impatient user. Good luck!

 

Archived version: https://archive.ph/3vfmc

How much ink does an all-in-one printer need in order to fax a document? Or to scan one to your computer? The obvious answer is "none." But if you own certain printers from companies like HP and Canon, you won't be able to use core features unless the device has ink—even if those features have nothing to do with ink.

Unfortunately, all-in-one printers arbitrarily demanding ink to perform non-printing functions isn't a new frustration. And that's despite some companies having printers that can scan without ink. Clearly, scanning or faxing without requiring an ink cartridge would improve users' experience—and they've illustrated that through class-action lawsuits. But this hasn't stopped printer makers from fighting to keep the nettlesome practice.

No ink, no scan

Since mid-2022, HP has been fighting a class-action lawsuit alleging that certain all-in-one printer models won't scan or fax without ink and that HP doesn't properly disclose this to shoppers. On January 13, 2023, the complaint was dismissed but allowed to be amended (you can view the amended complaint here: [PDF]), and on August 10, a Northern District of California judge dismissed HP's motion to dismiss the amended complaint [PDF].

HP Envy 6455e and HP Deskjet 2655 purchasers Gary Freund and Wayne McMath filed the complaint, which states that HP printers are designed to enter an error state when low or out of ink, preventing usage until the installment of a new ink cartridge. The plaintiffs are also peeved that HP marketing and advertising doesn't clearly disclose this, the complaint says. The complaint also notes that an HP support agent has said that HP printers are "designed in such a way that with the empty cartridge or without the cartridge the printer will not function."

"HP’s All-in-One Printers do not work as advertised. Ink is not a necessary component to scan or to fax a document," the complaint reads.

It adds:

Tying the scan or fax capabilities of the All-In-One Printers to ink contained in the devices offers no benefit and only serves to disadvantage and harm consumers financially. However, tying the scan or fax capabilities of the All-In-One Printers to ink contained in the devices does, however [sic], serve to benefit HP.

Anyone who's owned an inkjet printer knows how expensive ink can be. That suggests a reason to push people to buy ink through tactics like blocking core features if no ink is present and reportedly selling printers below cost. Ink-buying programs have also become cash cows. HP in 2021, for example, said its Instant Ink subscription business was worth $500 million, per CRN. In its Q2 2023 financial report, HP named Instant Ink a key growth area.

The complaint against HP says:

Indeed, HP designs its All-in-One printer products so they will not work without ink. Yet, HP does not disclose this fact to consumers. … Even were it technically possible to scan a document without all ink cartridges present, HP does not disclose any 'workaround' to consumers in any of the product packaging nor in any of HP’s advertising and marketing materials regarding its multi-function devices.

The complaint seeks monetary damages as well as the end of HP's "misleading advertising and marketing campaign" and for HP to "engage in a corrective campaign to inform consumers of the misleading advertising."

Here are all the HP printer models listed in the complaint:

  • HP Deskjet 2755e
  • HP DeskJet 3755
  • HP DeskJet 4155e
  • HP ENVY 6055e
  • HP ENVY 6075
  • HP ENVY 6455
  • HP ENVY Pro 6475
  • HP OfficeJet 250 Mobile
  • HP OfficeJet Pro 7740 Wide Format
  • HP OfficeJet Pro 8025
  • HP DeskJet 2622
  • HP DeskJet 2655

HP declined to comment on this story.

Canon's doing it, too

HP isn't the only company demanding ink for scans and faxes. It's not even the only one that has faced litigation over it.

As noticed by The Verge, Canon back in March settled a class-action lawsuit [PDF] stating that Canon all-in-one printers can't scan or fax with low or empty ink cartridges and its "advertising claims are false, misleading, and reasonably likely to deceive the public."

The settlement terms weren't disclosed, and Canon didn't respond to Ars Technica's request for comment. But here are the models listed in that complaint:

  • MAXIFY GX7020
  • MAXIFY GX6020
  • PIXMA TS3520
  • PIXMA G3260
  • PIXMA G7020
  • PIXMA G2260
  • PIXMA MX330
  • PIXMA MX452
  • PIXMA TS9520
  • PIXMA TR8620
  • PIXMA TS6420
  • PIXMA TS6320
  • PIXMA TR4520
  • PIXMA MG3620
  • PIXMA MG2522
  • PIXMA TS3320
  • PIXMA TR7020
  • PIXMA TS9521C
  • PIXMA TS8320
  • PIXMA TR8520
  • PIXMA TR7520
  • "and any and all predecessor models"

Similarly to the HP situation, representatives on Canon's support forum allegedly confirmed that certain all-in-one printer models require "all ink tanks installed and they must all contain ink in order to use the functions of the printer" and that "there is no workaround for this."

However, the posts that are linked to in the complaint (here and here) as of November 22, 2022, have a comment from a moderator saying, "It's possible to scan with an empty ink tank or cartridge." The support page provides instructions for disabling the function that detects ink levels.

Canon didn't explain why its printers ever required ink to scan in the first place. But the company has at least agreed to instruct users on disabling the ink requirement, which is better than where HP is currently.

Semantics prioritized over customers

As of this writing, HP doesn't seem to be working toward enabling its printers to scan and fax without ink. When trying to get the complaint dismissed, HP claimed that support agents who said printers are designed to not scan without ink don't represent HP and were not referring to printer models owned by the complaint's plaintiffs.

The printer industry has long had an issue with customer trust. HP, for instance, has bricked third-party ink (and issued other problematic printer firmware updates), along with the company's controversial HP+ program and region-locked printers . HP has already paid settlements for abruptly bricking third-party ink via its Dynamic Security "feature."

The Verge noticed that HP at least changed its language for the Envy 6455e's Amazon product page to say that you can "print, scan, and copy from your phone—from whenever, wherever" to "print, scan, and copy from your phone—from anywhere."

Such semantic games feel more like HP seeking a loophole than trying to please customers.

Such corporation-first tactics may be why Epson thinks it's dunking on competitors with its own support page dedicated to this topic. It reads, "Since 2008, all Epson printers will scan even when there is little or no usable ink left in the cartridge."

But, as is often the case with printers, a sneaky little caveat could abruptly ruin your day. As the support page also states:

However, all of the genuine Epson cartridges must be installed in the printer, even if depleted of usable ink and the printer displays the replace cartridge message.

So you still need an Epson ink cartridge to scan. If you happened to have tossed your ink cartridge when it became useless, your all-in-one printer could be virtually useless, too. (Epson didn't respond to a request for comment.)

It's alarming that printer makers know customers feel swindled and confused—but won't eliminate the problematic design. Printer vendors have become too bold in expecting customers to accept wordplay, settlements, and confusing support responses. Class-action lawsuits may light a fire under these companies, but it shouldn't be up to disgruntled customers to complain to support agents, lawyers, and judges.

If printer companies can't deliver a reliable, easy experience, customers will have no choice but to consider alternatives.

 

Archived version: https://archive.ph/3vfmc

How much ink does an all-in-one printer need in order to fax a document? Or to scan one to your computer? The obvious answer is "none." But if you own certain printers from companies like HP and Canon, you won't be able to use core features unless the device has ink—even if those features have nothing to do with ink.

Unfortunately, all-in-one printers arbitrarily demanding ink to perform non-printing functions isn't a new frustration. And that's despite some companies having printers that can scan without ink. Clearly, scanning or faxing without requiring an ink cartridge would improve users' experience—and they've illustrated that through class-action lawsuits. But this hasn't stopped printer makers from fighting to keep the nettlesome practice.

No ink, no scan

Since mid-2022, HP has been fighting a class-action lawsuit alleging that certain all-in-one printer models won't scan or fax without ink and that HP doesn't properly disclose this to shoppers. On January 13, 2023, the complaint was dismissed but allowed to be amended (you can view the amended complaint here: [PDF]), and on August 10, a Northern District of California judge dismissed HP's motion to dismiss the amended complaint [PDF].

HP Envy 6455e and HP Deskjet 2655 purchasers Gary Freund and Wayne McMath filed the complaint, which states that HP printers are designed to enter an error state when low or out of ink, preventing usage until the installment of a new ink cartridge. The plaintiffs are also peeved that HP marketing and advertising doesn't clearly disclose this, the complaint says. The complaint also notes that an HP support agent has said that HP printers are "designed in such a way that with the empty cartridge or without the cartridge the printer will not function."

"HP’s All-in-One Printers do not work as advertised. Ink is not a necessary component to scan or to fax a document," the complaint reads.

It adds:

Tying the scan or fax capabilities of the All-In-One Printers to ink contained in the devices offers no benefit and only serves to disadvantage and harm consumers financially. However, tying the scan or fax capabilities of the All-In-One Printers to ink contained in the devices does, however [sic], serve to benefit HP.

Anyone who's owned an inkjet printer knows how expensive ink can be. That suggests a reason to push people to buy ink through tactics like blocking core features if no ink is present and reportedly selling printers below cost. Ink-buying programs have also become cash cows. HP in 2021, for example, said its Instant Ink subscription business was worth $500 million, per CRN. In its Q2 2023 financial report, HP named Instant Ink a key growth area.

The complaint against HP says:

Indeed, HP designs its All-in-One printer products so they will not work without ink. Yet, HP does not disclose this fact to consumers. … Even were it technically possible to scan a document without all ink cartridges present, HP does not disclose any 'workaround' to consumers in any of the product packaging nor in any of HP’s advertising and marketing materials regarding its multi-function devices.

The complaint seeks monetary damages as well as the end of HP's "misleading advertising and marketing campaign" and for HP to "engage in a corrective campaign to inform consumers of the misleading advertising."

Here are all the HP printer models listed in the complaint:

  • HP Deskjet 2755e
  • HP DeskJet 3755
  • HP DeskJet 4155e
  • HP ENVY 6055e
  • HP ENVY 6075
  • HP ENVY 6455
  • HP ENVY Pro 6475
  • HP OfficeJet 250 Mobile
  • HP OfficeJet Pro 7740 Wide Format
  • HP OfficeJet Pro 8025
  • HP DeskJet 2622
  • HP DeskJet 2655

HP declined to comment on this story.

Canon's doing it, too

HP isn't the only company demanding ink for scans and faxes. It's not even the only one that has faced litigation over it.

As noticed by The Verge, Canon back in March settled a class-action lawsuit [PDF] stating that Canon all-in-one printers can't scan or fax with low or empty ink cartridges and its "advertising claims are false, misleading, and reasonably likely to deceive the public."

The settlement terms weren't disclosed, and Canon didn't respond to Ars Technica's request for comment. But here are the models listed in that complaint:

  • MAXIFY GX7020
  • MAXIFY GX6020
  • PIXMA TS3520
  • PIXMA G3260
  • PIXMA G7020
  • PIXMA G2260
  • PIXMA MX330
  • PIXMA MX452
  • PIXMA TS9520
  • PIXMA TR8620
  • PIXMA TS6420
  • PIXMA TS6320
  • PIXMA TR4520
  • PIXMA MG3620
  • PIXMA MG2522
  • PIXMA TS3320
  • PIXMA TR7020
  • PIXMA TS9521C
  • PIXMA TS8320
  • PIXMA TR8520
  • PIXMA TR7520
  • "and any and all predecessor models"

Similarly to the HP situation, representatives on Canon's support forum allegedly confirmed that certain all-in-one printer models require "all ink tanks installed and they must all contain ink in order to use the functions of the printer" and that "there is no workaround for this."

However, the posts that are linked to in the complaint (here and here) as of November 22, 2022, have a comment from a moderator saying, "It's possible to scan with an empty ink tank or cartridge." The support page provides instructions for disabling the function that detects ink levels.

Canon didn't explain why its printers ever required ink to scan in the first place. But the company has at least agreed to instruct users on disabling the ink requirement, which is better than where HP is currently.

Semantics prioritized over customers

As of this writing, HP doesn't seem to be working toward enabling its printers to scan and fax without ink. When trying to get the complaint dismissed, HP claimed that support agents who said printers are designed to not scan without ink don't represent HP and were not referring to printer models owned by the complaint's plaintiffs.

The printer industry has long had an issue with customer trust. HP, for instance, has bricked third-party ink (and issued other problematic printer firmware updates), along with the company's controversial HP+ program and region-locked printers . HP has already paid settlements for abruptly bricking third-party ink via its Dynamic Security "feature."

The Verge noticed that HP at least changed its language for the Envy 6455e's Amazon product page to say that you can "print, scan, and copy from your phone—from whenever, wherever" to "print, scan, and copy from your phone—from anywhere."

Such semantic games feel more like HP seeking a loophole than trying to please customers.

Such corporation-first tactics may be why Epson thinks it's dunking on competitors with its own support page dedicated to this topic. It reads, "Since 2008, all Epson printers will scan even when there is little or no usable ink left in the cartridge."

But, as is often the case with printers, a sneaky little caveat could abruptly ruin your day. As the support page also states:

However, all of the genuine Epson cartridges must be installed in the printer, even if depleted of usable ink and the printer displays the replace cartridge message.

So you still need an Epson ink cartridge to scan. If you happened to have tossed your ink cartridge when it became useless, your all-in-one printer could be virtually useless, too. (Epson didn't respond to a request for comment.)

It's alarming that printer makers know customers feel swindled and confused—but won't eliminate the problematic design. Printer vendors have become too bold in expecting customers to accept wordplay, settlements, and confusing support responses. Class-action lawsuits may light a fire under these companies, but it shouldn't be up to disgruntled customers to complain to support agents, lawyers, and judges.

If printer companies can't deliver a reliable, easy experience, customers will have no choice but to consider alternatives.

 

Archived version: https://archive.ph/eSuy1

A few months ago, an engineer in a data center in Norway encountered some perplexing errors that caused a Windows server to suddenly reset its system clock to 55 days in the future. The engineer relied on the server to maintain a routing table that tracked cell phone numbers in real time as they moved from one carrier to the other. A jump of eight weeks had dire consequences because it caused numbers that had yet to be transferred to be listed as having already been moved and numbers that had already been transferred to be reported as pending.

“With these updated routing tables, a lot of people were unable to make calls, as we didn't have a correct state!” the engineer, who asked to be identified only by his first name, Simen, wrote in an email. “We would route incoming and outgoing calls to the wrong operators! This meant, e.g., children could not reach their parents and vice versa.”

A show-stopping issue

Simen had experienced a similar error last August when a machine running Windows Server 2019 reset its clock to January 2023 and then changed it back a short time later. Troubleshooting the cause of that mysterious reset was hampered because the engineers didn’t discover it until after event logs had been purged. The newer jump of 55 days, on a machine running Windows Server 2016, prompted him to once again search for a cause, and this time, he found it.

The culprit was a little-known feature in Windows known as Secure Time Seeding. Microsoft introduced the time-keeping feature in 2016 as a way to ensure that system clocks were accurate. Windows systems with clocks set to the wrong time can cause disastrous errors when they can’t properly parse timestamps in digital certificates or they execute jobs too early, too late, or out of the prescribed order. Secure Time Seeding, Microsoft said, was a hedge against failures in the battery-powered onboard devices designed to keep accurate time even when the machine is powered down.

“You may ask—why doesn’t the device ask the nearest time server for the current time over the network?” Microsoft engineers wrote. “Since the device is not in a state to communicate securely over the network, it cannot obtain time securely over the network as well, unless you choose to ignore network security or at least punch some holes into it by making exceptions.”

To avoid making security exceptions, Secure Time Seeding sets the time based on data inside an SSL handshake the machine makes with remote servers. These handshakes occur whenever two devices connect using the Secure Sockets Layer protocol, the mechanism that provides encrypted HTTPS sessions (it is also known as Transport Layer Security). Because Secure Time Seeding (abbreviated as STS for the rest of this article) used SSL certificates Windows already stored locally, it could ensure that the machine was securely connected to the remote server. The mechanism, Microsoft engineers wrote, “helped us to break the cyclical dependency between client system time and security keys, including SSL certificates.”

Simen wasn’t the only person encountering wild and spontaneous fluctuations in Windows system clocks used in mission-critical environments. Sometime last year, a separate engineer named Ken began seeing similar time drifts. They were limited to two or three servers and occurred every few months. Sometimes, the clock times jumped by a matter of weeks. Other times, the times changed to as late as the year 2159.

“It has exponentially grown to be more and more servers that are affected by this,” Ken wrote in an email. “In total, we have around 20 servers (VMs) that have experienced this, out of 5,000. So it's not a huge amount, but it is considerable, especially considering the damage this does. It usually happens to database servers. When a database server jumps in time, it wreaks havoc, and the backup won’t run, either, as long as the server has such a huge offset in time. For our customers, this is crucial.”

Simen and Ken, who both asked to be identified only by their first names because they weren’t authorized by their employers to speak on the record, soon found that engineers and administrators had been reporting the same time resets since 2016.

In 2017, for instance, a Reddit user in a sysadmin forum reported that some Windows 10 machines the user administered for a university were reporting inaccurate times, in some cases by as many as 31 hours in the past. The Reddit user eventually discovered that the time changes were correlated to a Windows registry key in HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\W32Time\SecureTimeLimits. Additional investigation showed that the time changes were also linked to errors that reported valid SSL certificates used by the university website were invalid when some people tried to access it. The admin reached the following conclusion:

TLDR: Windows 10 has a feature called Secure Time which is on by default. It correlates time stamp metadata from SSL packets and matches them against time from the DCs. It processes these various times by means of black magic and sets the system clock accordingly. This feature has the potential to flip out and set the system time to a random time in the past. The flip out MIGHT be caused by issues with SSL traffic.

Other examples of people reporting the same behavior—for example, here and here—date back to 2016, shortly after the rollout of STS. More recent reports of harmful STS-induced time changes are here, here, and here.

“We've run into a show-stopping issue where time on a bunch of production systems jumped forward 17 hours,” one Reddit user wrote. “If you've been in the game more than a week, you know the havoc this can cause.”

STS primer

To determine the current time, STS pulls a set of metadata contained in the SSL handshake. Specifically, the data is:

  • ServerUnixTime, a date and time representation showing the number of seconds that have elapsed since 00:00:00 UTC on January 1, 1970
  • Cryptographically signed data obtained from the remote server’s SSL certificate showing whether it has been revoked under a mechanism knowns as the Online Certificate Status Protocol.

Microsoft engineers said they used the ServerUnixTime data “assuming it is somewhat accurate” but went on to acknowledge in the same sentence that it “can also be incorrect.” To prevent STS from resetting system clocks based on data provided by a single out-of-sync remote server, STS makes randomly interspersed SSL connections to multiple servers to arrive at a reliable range for the current time. The mechanism then merges the ServerUnixTime with the OCSP validity period to produce the smallest possible time range and assigns it a confidence score. When the score reaches a sufficiently high threshold, Windows classifies the data as an STSHC, short for Secure Time Seed of High Confidence. The STSHC is then used to monitor system clocks for “gross errors” and correct them.

Despite the checks and balances built into STS to ensure it provides accurate time estimates, the time jumps indicate the feature sometimes makes wild guesses that are off by days, weeks, months, or even years.

“At this point, we are not completely sure why secure time seeding is doing this,” Ken wrote in an email. “Being so seemingly random, it’s difficult to [understand]. Microsoft hasn't really been helpful in trying to track this, either. I've sent over logs and information, but they haven't really followed this up. They seem more interested in closing the case.”

The logs Ken sent looked like the ones shown in the two screenshots below. They captured the system events that occurred immediately before and after the STS changed the times. The selected line in the first image shows the bounds of what STS calculates as the correct time based on data from SSL handshakes and the heuristics used to corroborate it.

The “Projected Secure Time” entry immediately above the selected line shows that Windows estimates the current date to be October 20, 2023, more than four months later than the time shown in the system clock. STS then changes the system clock to match the incorrectly projected secure time, as shown in the “Target system time.”

The second image shows a similar scenario in which STS changes the date from June 10, 2023, to July 5, 2023.

Simen, meanwhile, said he has also reported the time resets to multiple groups at Microsoft. When reporting the problems on Microsoft’s feedback hub in May, he said, he received no company response. He then reported it through the Microsoft Security Response Center in June. The submission was closed as a “non-MSRC case" with no elaboration.

The engineer then tapped a third party specializing in Microsoft cloud security to act as an intermediary. The intermediary relayed a response from Microsoft recommending STS be turned off when the server receives reliable timekeeping through the Network Time Protocol.

“Unfortunately, this recommendation isn't publicly available, and it is still far from enough to stop the wrongly designed feature to keep wreaking havoc around the world,” Simen wrote in an email.

Warning: STS will “bite you in the butt”

Simen said he believes the STS design is based on a fundamental misinterpretation of the TLS specification. Microsoft’s description of STS acknowledges that some SSL implementations don’t put the current system time of the server in the ServerUnixTime field at all. Instead, these implementations—most notably the widely used OpenSSL code library starting in 2014—populate the field with random values. Microsoft’s description goes on to say, “We have observed that most servers provide a fairly accurate value in this field and the rest provide random values.”

“The false assumption is that most SSL implementations return the server time,” Simen said. “This was probably true in a Microsoft-only ecosystem back when they implemented it, but at that time [when STS was introduced], OpenSSL was already sending random data instead.”

While official Microsoft talking points play down the unreliability of STS, Ryan Ries, whose LinkedIn profile indicates he is a senior Windows escalation engineer at Microsoft, wasn’t as reticent when discussing STS on social media last year.

“Hey people,” he wrote. “If you manage Active Directory domain controllers, I want to give you some UNOFFICIAL advice that is solely my personal opinion: Disable Secure Time Seeding for w32time on your DCs.” When someone asked him why, Ries responded, “Because it's just a matter of time—wink—before it bites you in the butt.”

A Microsoft representative emailed the following statement several hours after this post went live on Ars:

Secure Time Seeding feature is a heuristic-based method of time keeping that also helps correct system time in case of certain software/firmware/hardware timekeeping failures. The feature has been enabled by default in all default Windows configurations and has been shown to function as intended in default configurations.

Time distribution is unique to each deployment and customers often configure their machines to their particular needs. Given the heuristic nature of Secure Time Seeding and the variety of possible deployments used by our customers, we have provided the ability to disable this feature if it does not suit their needs. Our understanding is that there are likely unique, proprietary, complex factors in deployments where customers are experiencing Secure Time Seeding issues and these customers do not benefit from this feature as it is currently implemented. In these isolated cases, the only course of action we can recommend is to disable this feature in their deployments.

We agree that the overall direction of technology with the adaption of TLS v1.3 and other developments in this area could make Secure Time Seeding decreasingly effective over time, but we are not aware of any bugs arising from their use. This technology direction also makes heuristic calculation of time using SSL/TLS far less attractive when compared to deterministic, secure time synchronization.

We continue to investigate how to best secure time synchronization on the Internet and welcome customer input on how to best meet their future needs.

The mystery continues

As Simen noted earlier, it's not clear precisely what causes STS to make the errors sometimes but not always.

"This is what really strikes me as odd," Simen wrote. Microsoft "know the field they look at might contain random data, so my guess is that their implementation breaks down when this is skewed so that most/all implementations they communicate with contains random data rather than just some."

HD Moore, CTO and co-founder at runZero, speculated that the cause is some sort of logic bug in Microsoft code. On Signal, he wrote:

If OpenSSL has been setting random unix times in TLS responses for a long period of time, but this bug is showing up infrequently, then it's likely harder to trigger than just forcing a bunch of outbound TLS connections to a server with bogus timestamp replies—if it was that easy, it would happen far more frequently.

Either the STS logic requires different root certificates as the signer, or some variety in the hostnames/IPs, or only triggers on certain flavors of random timestamp (like values dividable by 1024 or something).

It smells like a logic bug that is triggered infrequently by fully random timestamps (32-bit) and likely just some subset of values and with some other conditions (like multiple requests in some period of time to multiple certs, etc.).

There are other means to ensure server clocks remain accurate, Moore said:

[Clock-setting] seems like something better handled through NTP, or at least through a trusted TLS connection to a known endpoint operated by the vendor (time.windows.com and friends). The super lazy (but arguably safer) way to get a trusted timestamp is something like: ❯ curl -s -vvv https://www.microsoft.com/4040 2>&1 | grep -i '< date:'< date: Wed, 16 Aug 2023 04:37:31 GMT.

Second-ish precision, and if you lock the HTTP client to a short list of trusted CA roots for the target domain, pretty hard to mess with. I used something similar forever ago on Linux systems where the clock would go wrong often—set the hwclock to the HTTP response timestamp of a known good server, then run NTP, which would succeed since the clock was close enough to be within the boundary check—otherwise NTP would fail since the clock was too far off.

As the creator and lead developer of the Metasploit exploit framework, a penetration tester, and a chief security officer, Moore has a deep background in security. He speculated that it might be possible for malicious actors to exploit STS to breach Windows systems that don't have STS turned off. One possible exploit would work with an attack technique known as Server Side Request Forgery.

Microsoft’s repeated refusal to engage with customers experiencing these problems means that for the foreseeable future, Windows will by default continue to automatically reset system clocks based on values that remote third parties include in SSL handshakes. Further, it means that it will be incumbent on individual admins to manually turn off STS when it causes problems.

That, in turn, is likely to keep fueling criticism that the feature as it has existed for the past seven years does more harm than good.

STS “is more like malware than an actual feature,” Simen wrote. “I’m amazed that the developers didn’t see it, that QA didn’t see it, and that they even wrote about it publicly without anyone raising a red flag. And that nobody at Microsoft has acted when being made aware of it.”

[–] soyagi@yiffit.net 8 points 1 year ago

I did use the cross-post feature. Many apps do not recognise or acknowledge cross-posting yet which might explain why this article may have appeared multiple times for you.

[–] soyagi@yiffit.net 11 points 1 year ago

This is why Sony was making such a big deal about Call of Duty during the discussions about Microsoft acquiring Activision (owners of the Call of Duty franchise). Sony wanted reassurance that the Call of Duty games would still come out on the PlayStation consoles, and not be exclusive to Microsoft's platforms (Xbox and Windows). When you see that Call of Duty has been the best selling game nearly every year recently, you can understand Sony's plea.

[–] soyagi@yiffit.net 3 points 1 year ago

I think people criticized Temtem for being too microtransaction heavy.

Steam link for those interested: https://store.steampowered.com/app/745920/Temtem/

[–] soyagi@yiffit.net 22 points 1 year ago (9 children)

Palworld is set to officially release at the start of next year. It's clearly very Pokémon inspired, but looks much more impressive than any existing Pokémon game. I wonder if Palworld will help shake the Pokémon Company into upping their game.

[–] soyagi@yiffit.net 33 points 1 year ago (3 children)

Yes, weirdly the very same website wrote about it back then (https://www.iflscience.com/fully-intact-dinosaur-embryo-found-inside-fossilized-egg-62004). I'm not sure what inspired another article now.

[–] soyagi@yiffit.net 17 points 1 year ago (2 children)

This was originally published in 2021 so I wonder why it has a new article.

https://www.iflscience.com/fully-intact-dinosaur-embryo-found-inside-fossilized-egg-62004

[–] soyagi@yiffit.net 12 points 1 year ago

The source code of the original game was leaked last year.

https://phoboslab.org/log/2023/08/rewriting-wipeout

[–] soyagi@yiffit.net 1 points 1 year ago

Keep in mind plenty of people struggle to get the jobs they want, regardless of gender identity, sexuality, etc.

[–] soyagi@yiffit.net 1 points 1 year ago

This is pointed out in the article, and was even quoted in the very post you replied to.

view more: ‹ prev next ›