[HN Gopher] Firmware update bricks HP printers, makes them unabl...
___________________________________________________________________
Firmware update bricks HP printers, makes them unable to use HP
cartridges
Author : speckx
Score : 99 points
Date : 2025-03-10 18:26 UTC (4 hours ago)
(HTM) web link (arstechnica.com)
(TXT) w3m dump (arstechnica.com)
| hyperman1 wrote:
| Wat's your update strategy today, HN? Main possibilities seem to
| be 1) The faster, the better I am protected. 2) I wait a few
| days/weeks. The second mouse gets the cheese.
| bobmcnamara wrote:
| 0) Don't buy from companies that treat me like a criminal.
|
| 1) Manufacture's suggested update schedule.
| JadeNB wrote:
| > 0) Don't buy from companies that treat me like a criminal.
|
| So don't buy printers, basically? That's sarcasm, but, non-
| sarcastically, do you know any printer companies that (make
| decent printers and) have basic respect for their users?
| ndiddy wrote:
| Brother laser printers are cheap and extremely reliable if
| you only need to print in black and white. Because they use
| toner, there's no ink to dry up so they can go months
| without printing and not clog. The catch is that Brother
| started putting chips in their toner cartridges a few years
| ago to keep track of toner usage (they previously used a
| mechanical gear system). You can still buy and use third-
| party toner but most third-party toner cartridges use small
| batteries on their chips and the toner will stop working if
| the battery runs out (this is the source of all the rumors
| about various firmware updates stopping third-party toner
| from working). However, even if you stick to official
| toner, the cost per page is still fairly low.
|
| If you need to print in color, you can buy an inkjet
| printer that uses ink tanks instead of cartridges. However,
| you generally should be printing at least once per week as
| otherwise you'll need to waste a bunch of ink on head
| cleaning cycles. The other thing is that all inkjet
| printers (including ink tanks) clean their heads by
| spraying ink into a pad called the "waste ink reservoir".
| After a couple years of use, the pad will become saturated
| with ink and the printer will refuse to work. Most printers
| have the pad integrated into the printer, so you have to
| throw out the printer at this point. Look for a printer
| with a "maintenance box", which is really the waste ink pad
| in a user-replaceable plastic cartridge.
| kstrauser wrote:
| I'm still going with Brother. There was a recent claim that
| they disabled 3rd party toners but there were lots of
| anecdotal stories of people who had no such trouble with
| it.
|
| If Brother ever truly loses the plot, my next printer will
| be the local FedEx store. Life's too short to fight hostile
| hardware.
| llm_nerd wrote:
| I have a Brother multifunction colour inkjet
| (MFC-J995DW). I generally only printed in B&W on the very
| rare occasion I printed, so when a colour ran out
| (usually because one of my children errantly printed some
| giant colour thing) it was perfectly happy to keep
| printing black content using the giant, very full black
| cartridge.
|
| A recent (as in the past two years) update removed that
| benefit. Now it fully refuses to function in _any_
| capacity if a colour cartridge is out. It won 't let me
| print fully-black content, and it won't even let me
| _scan_.
|
| So Brother are no longer one of the good guys.
| bobmcnamara wrote:
| HP LaserJet from the period where they still made atomic
| clocks. Did need to upgrade the memory and added a network
| card when my computer no longer had a parallel port.
|
| Today, Epson for inkjet and Brother for laser.
| yjftsjthsd-h wrote:
| You can take different approaches on different things. A
| browser is probably the most exposed piece of software in your
| system, so maybe be aggressive with updates on that, but a
| printer is unlikely to be exposed to untrusted inputs so I
| would question whether there's any point updating it _ever_
| unless you have a specific issue you 're trying to fix.
| tart-lemonade wrote:
| The last time I tried updating an HP printer, it locked up
| and printed half a ream of jibberish before I pulled the plug
| on it. Now, I just put printers on a firewalled VLAN and call
| it a day.
| dylan604 wrote:
| This is pretty much my take on it. Once I get a printer
| installed and working, that's the last time I look at the
| software for it. I'm also not a heavy printer, so my printer
| tends to be unplugged more than it's actually turned on.
|
| My publicly facing servers get patched as soon as I'm aware
| there are updates available. If it borks anything, I just
| turn to the previous backup (not that this has ever actually
| happened).
| smodo wrote:
| 3) Completely disconnect my printer from the web and live with
| this small discomfort. HP burned me too many times.
| wtallis wrote:
| IOT devices (including printers) get firewalled to have no
| access outside my LAN, and I don't let my PCs run the kind of
| software that would fetch a firmware update and push it to
| another device without prompting me. The first line of security
| should always be _not connecting it to the Internet_
| unnecessarily. This is especially important when the list of
| probable attackers starts (and ends) with the manufacturer.
| zubiaur wrote:
| Absolutely. Rarely do I need a device to have access to the
| internet. Printers, speakers, sensors, vacuum cleaners,
| dishwasher. Nothing gets to talk to the outside world.
|
| They are appliances, and if they work they work. Unless
| something is broken, I leave them alone.
|
| The only exception so far has been the robot lawn mower, that
| supposedly adapts to weather forecast. But it will be jailed
| soon, too.
| litoE wrote:
| Use parental controls at the router to prevent the printer from
| accessing anything outside our in-house network. If it acts
| like a child, treat it like one.
| officeplant wrote:
| Update OS's regularly for everyday machines / Offline machines
| you don't want changes to affect. Update Phones regularly. Give
| work software a 6 month-1 year lead before updating because
| they will break something (Looking at you Autodesk & Bluebeam).
|
| And never buy an HP Printer which should come before any talks
| of when to update.
| runeofdoom wrote:
| 3) I use out of date hardware and software as much as possible,
| being rigorously paranoid to never expose it to anything risky,
| and keep it locked down as much as possible. (Which means
| little Internet use... which is arguably a feature of the
| process.)
|
| If the manufacturer doesn't support the software anymore (or
| better yet, is out of business) the odds of malicious updates
| go way down.
| doublepg23 wrote:
| I update somewhat promptly, often using automatic updates and
| stop buying manufacturers that push bad updates.
| PaulHoule wrote:
| ... that's one reason I got an Epson ET-8550
|
| https://epson.com/For-Work/Printers/Inkjet/EcoTank-Photo-ET-...
| Animats wrote:
| I have an EcoTank printer. It keeps telling me it has a
| firmware update available, but I won't let it update.
| washadjeffmad wrote:
| There are no cartridges in an EcoTank. Is there something in
| particular you're afraid of happening?
| Animats wrote:
| Who knows what they'd come up with? A requirement for an
| Epson account? Mandatory approved service replacement of
| the head cleaning brush?
| DecentShoes wrote:
| I'm almost at the point where I consider any type of firmware
| update for anything to be actively hostile and to be avoided if
| at all possible with the sole exception of patches for specific,
| significant security bugs.
|
| In 2017, Apple put out a new iPhone, and in the same week, made
| my 1 year old iPhone unusable on purpose overnight to make me buy
| a new one.
|
| My S23 Ultra got a software update that removed features and now
| I can't use YouTube. I can't just not install updates, because it
| will nag me constantly and leave a permanent notification at all
| times that I cannot remove.
|
| Sony famously removed OtherOS from existing PS3s.
|
| I'm not sure what the solution is but letting companies destroy
| their old product so you go buy a new one, whether carelessness
| or malice is unacceptable.
| markus_zhang wrote:
| I almost never do firmware update, even for security reasons.
| You never know what's in the patch, and your data is already
| sold left and right anyway. I consider myself fully hacked 10
| times, and every social media company knows me better than my
| wife.
| iforgotpassword wrote:
| You also never know what's in the original firmware, so why
| trust it more than the update, security-wise?
| brokenmachine wrote:
| In the update notes for my banking app, it listed the changes
| as "Minor update to keep the app running smoothly".
|
| If it's running smoothly, why does it need an update?
|
| I guess it's like an engine that needs fresh oil.
| vladvasiliu wrote:
| > In 2017, Apple put out a new iPhone, and in the same week,
| made my 1 year old iPhone unusable on purpose overnight to make
| me buy a new one.
|
| I often see people claim something along those lines, but it
| differs from my experience. In early 2017, I bought a
| refurbished iPhone 7 which has served me well for 7 years. I've
| never noticed any sudden deterioration in performance.
| SOLAR_FIELDS wrote:
| I think it's right to call for receipts here. It's a common
| refrain that older devices getting updated causes performance
| to slow to a crawl but exceedingly rare that someone is
| actually able to demonstrate with data that it was directly
| tied to an update. That's not to say it doesn't happen, but I
| treat any claim like that with a good deal of skepticism
| without anything other than anecdata
| brokenmachine wrote:
| Apple admitted purposefully slowing down older devices with
| updates.
|
| They said it was to prolong battery life.
| Syonyk wrote:
| It was more to prevent unexpected shutdowns. Which, I'll
| add, _were_ a problem with Android devices at the time,
| and the Nexus 5, in particular, had three battery OEMs,
| one of which would only last a year before being unable
| to run the device in high demand situations (say,
| "taking a picture with the flash").
|
| As lithium batteries age, their internal resistance goes
| up - you can model a battery as a voltage source and a
| series resistor accurately enough. Over time, that
| resistance goes up, which means, for a given current, you
| end up with less voltage "at the output." Most power
| supplies will compensate by pulling more current to
| provide the needed power, which will drop the voltage
| more until you slam into the low voltage protection
| circuitry that cuts power.
|
| The Nexus 5s are the ones I'm most familiar with, and
| they absolutely had this problem with one of the battery
| OEMs (the only way to tell which OEM you had was to pull
| the battery out, they were labeled on the back). The
| typical symptom was, "The phone shuts down when you try
| to take a picture," because camera modules are power
| hungry, the CPU was spinning hard to keep up with
| rendering the view from the camera (and possibly doing
| some pre/post frame capture to find the best frame, I
| don't recall when that showed up), and the flash pulls a
| LOT of current, very briefly. So everything would simply
| shut down when you hit the button to take the picture.
|
| Apple decided to attempt to limit this problem, and they
| locked out the highest tiers of CPU performance (which
| are the most power hungry), if the device was having
| brownout issues. It's a reasonable enough strategy. Where
| they failed (IMO) was in not alerting the users that it
| was happening, or that it was a battery health issue. The
| later iterations of it, where it tracks battery health,
| and will _tell you_ if your battery is going bad and
| needs replacement, are what they should have rolled out,
| and didn 't. My guess is that they didn't think it was
| going to be a major issue for many devices, so it was
| just a CYA sort of thing that would prevent shutdowns.
| Unfortunately, that also happened right around the same
| time that US carriers started dropping the "New phone
| every 2 years on contract!" thing, and so the iPhones of
| that era started being used rather substantially longer
| than the previously-expected 2 years, and, Apple, so
| drama for clicks.
|
| Had they just gone about telling users, "Hey, it looks
| like your battery is getting weak, would you like to
| schedule a replacement? Otherwise, we've limited
| performance slightly to prevent shutdowns." - I think it
| would have been fine. And they did settle on that
| eventually. It just took a few iterations.
| cosmic_cheese wrote:
| I experienced those shutdowns several years before that
| update was released when I was using an old worn out
| iPhone 4. Several times it died on me in the middle of an
| important call at 30-40% battery. I would've absolutely
| preferred it slowing itself down if it would've prevented
| that.
| jancsika wrote:
| https://www.bbc.com/news/technology-51413724
|
| Notice that Apple admits it did this, for the date that
| makes sense for what the user is claiming.
|
| The only debate point is whether they actually did it for
| the reason of trying to save failing batteries, or whether
| that was a smokescreen for incentivizing users to buy a new
| device.
|
| Given the evidence, I think it's wrong to call for receipts
| here.
| alistairSH wrote:
| Slowed down to preserve battery is equal to "made
| unusable"?
|
| It was a pretty lame thing to do, but the phone still
| worked.
| bigtimesink wrote:
| I had one of these phones that would crash under load and
| the update fixed it. The technical fix was sound.
| Batteries can't supply full power as they age, and the
| CPU needs high power when it runs faster. It's an
| annoying reality of battery powered devices that looks
| like a conspiracy to boost sales.
| brokenmachine wrote:
| Imagine a world with replaceable batteries.
| davesmylie wrote:
| I have stopped doing them altogether unless there is a known
| issue that I am trying to resolve.
|
| I have some "smart" devices like TVs, printers etc that require
| local area network access - where ever possible/practical they
| are blocked from exiting the network at the router level.
|
| Even software updates for non critical products are
| frustrating. I have stopped using some locally installed
| products (specifically, Evernote), because of it's forced,
| intrusive upgrade settings. I just want to open the app and
| quickly read a note, not have to muck around updating (or
| dismissing the update prompt, what seems like every single
| time.
| LadyCailin wrote:
| Ah, agile workflows, where features have to be completed and
| fully rolled out within a two week period.
| dylan604 wrote:
| The motherboard that I bought for my Hackintosh allowed for a
| thunderbolt port, and worked great with the OS. The motherboard
| issued a firmware that then removed the functionality of that
| thunderbolt port. The Hackintosh was pretty much useless at
| that point, as the external gear I used connected via
| thunderbolt
| brokenmachine wrote:
| I assume that was a BIOS update since you said the
| motherboard issued a firmware.
|
| Couldn't you downgrade the motherboard BIOS?
| dylan604 wrote:
| yes, it was a BIOS, no it could not be downgraded
| nop_slide wrote:
| > I'm almost at the point where I consider any type of firmware
| update for anything to be actively hostile and to be avoided if
| at all possible with the sole exception of patches for
| specific, significant security bugs.
|
| I recently bricked my Eufy Baby monitor trying to upgrade the
| firmware.
|
| We got an additional add on camera and it wouldn't connect to
| the new camera. So I navigated their really piss poor
| documentation on upgrading the firmware but ended up bricking
| the whole thing.
| SOLAR_FIELDS wrote:
| The unofficial firmware that is maintained by some random
| person out of a basement in Kansas is infinitely more
| trustworthy than the vendors firmware itself in iot and
| simple embedded devices. I run some fork of some custom
| firmware on an older Nighthawk router in my house and the
| random person in Kansas updates the thing with security and
| perf and feature patches monthly. Never one issue upgrading
| them
| JohnFen wrote:
| > I'm almost at the point where I consider any type of firmware
| update for anything to be actively hostile and to be avoided if
| at all possible
|
| I reached that point a number of years ago. I've more recently
| reached the point where I feel the same about software updates
| generally, not just firmware ones.
|
| A software update all too often means that the main thing you
| bought the software for is nerfed or removed.
| mrmuagi wrote:
| > In 2017, Apple put out a new iPhone, and in the same week,
| made my 1 year old iPhone unusable on purpose overnight to make
| me buy a new one.
|
| How was it made unusable?
|
| > My S23 Ultra got a software update that removed features and
| now I can't use YouTube. I can't just not install updates,
| because it will nag me constantly and leave a permanent
| notification at all times that I cannot remove.
|
| What features did it remove?
| happyopossum wrote:
| > In 2017, Apple put out a new iPhone, and in the same week,
| made my 1 year old iPhone unusable on purpose overnight to make
| me buy a new one.
|
| Uhh, citation please? I had an iPhone 7 working flawlessly here
| until I decided to replace it last year.
|
| The claim that a company "purposely" made your year old phone
| useless is beyond hyperbolic without at least a modicum of
| effort in supporting the claim.
| brokenmachine wrote:
| Apple paid out $500M in a class action about exactly this.
|
| https://www.bbc.com/news/technology-67911517
|
| Denied any wrongdoing but still paid $500M... hmmm
| the__alchemist wrote:
| I am starting to wonder if _critical security update_ has been
| co-opted to be using the same logic as _think of the children_.
| Who wouldn 't support that... then it's used for subtly
| malicious purposes.
| brokenmachine wrote:
| The consumer should ALWAYS be able to return the product to the
| exact condition at the time of purchase.
|
| My Samsung had a nice feature for the alarms where you could
| say, "snooze" and it would hear you, instead of having to find
| the microscopic button. I have a big screen phone, WHY DO THEY
| MAKE IT SO SMALL?
|
| Of course they took that feature away with an "update" that
| provided nothing else useful.
| jcgrillo wrote:
| If they have to update it after they shipped it, that means
| they shipped it before it was done. I don't get why we all put
| up with that. And before you say "but what about the
| complexity?!?" I'll respond with "why do you think you need
| that?"
|
| I'd pay so much more for simple tools I can buy once and never
| have to buy another again.
| baby_souffle wrote:
| Are you excluding security specific fixes in that policy?
| neilv wrote:
| Most recent discussion on printer DRM firmware update jerkiness:
|
| _Brother accused of locking down third-party printer ink
| cartridges (tomshardware.com) 536 points by m463 5 days ago | 336
| comments |_ https://news.ycombinator.com/item?id=43261933
| neilv wrote:
| I wonder whether HP will get its comeuppance, for years of
| jerkiness, when an LLM is involved in most printer purchasing
| decisions, and that LLM will have been trained on Reddit, HN,
| etc.
|
| Or will consumer "AI" services offer "integrated placement" for
| brands, which also has the effect of neutering valid criticism of
| the brand?
| g-mork wrote:
| the annual LLM subscription came free with the printer
| zoeysmithe wrote:
| Probably never. The home printer market I imagine isn't
| anything anyone new wants to risk money in, and if they did,
| they'd just end up copying much what HP is doing anyway.
|
| Also I doubt anyone is giving some LLM their credit card and
| all printer brands have bad reputations online. People post
| when motivated and they're motivated to complain, not praise.
|
| In the meantime, I can still buy a Brother brand printer that
| seems to not have all the HP issues, or less so.
| dylan604 wrote:
| If someone created and sold a printer that did not care about
| the ink that was used, the people of the interwebs would go
| crazy in the forums when the shitty ink they used did not work
| correctly in the printer.
|
| This is not a defense for DRM'd cartridges, but just an honest
| look at how people will behave. The support for the company
| with a open ink policy would be astronomical for the complaints
| they will receive. Sometimes, people/users are the problem but
| there's no way to tell that to the customer without you being
| the dick. "the customer is always right" is such a bullshit
| fallacy that makes operating a business near impossible.
| spicybright wrote:
| I feel like the overlap of people savvy enough to want re-
| fillable carts and people not understanding what "only fill
| with high quality ink" means so they jump to blame the
| company is pretty small.
| dylan604 wrote:
| I see you haven't met the moms of the interwebs just yet.
| People will see something at the Dollar
| [Store|General|Tree] and think/expect it will work. People
| will buy things on Amazon/eBay/Temu/etc and expect it to
| work.
|
| I think your expectations of what people in the world will
| do is way too high
| cutemonster wrote:
| > If someone created and sold a printer that did not care
| about the ink that was used
|
| Why would anyone do that. Sounds like a strawman.
|
| All printers I've seen specify precisely what ink they need.
| And then you look up which 3rd party inks are compatible, so
| the printer gets what it want.
| dylan604 wrote:
| It's the 3rd party inks that I'm talking about. Who is
| verifying they are compatible? The Chinese company selling
| on Temu? Why would the 1st party verify a 3rd party?
| Licensing fees?
|
| The point is that companies don't want/need to support 3rd
| party, and by allowing 3rd party opens their devices up for
| complaint when 3rd party doesn't work.
| AlotOfReading wrote:
| Is this an age gap situation? What you're describing used
| to be the norm. You could go to the print shop with a
| cartridge and they'd fill it with whatever they had for a
| reasonable price. No one had to support third party
| cartridges (you'd refill the first party cartridges and
| third party cartridges were designed to be compatible).
| It was a perfectly acceptable system for everyone except
| the manufacturers, who weren't happy with consumers that
| would buy loss leader printers and skip the ink.
| pessimizer wrote:
| > the people of the interwebs would go crazy in the forums
| when the shitty ink they used did not work correctly in the
| printer.
|
| They definitely wouldn't, because this is a case of
| corruption being taken to the extreme. Official ink costs
| more than printers. If I bought awful bootleg ink three times
| and the last fake cartridge melted the printer into a
| smoldering pile of plastic, I could buy another printer and
| still break even.
| tredre3 wrote:
| > If someone created and sold a printer that did not care
| about the ink that was used, the people of the interwebs
| would go crazy in the forums when the shitty ink they used
| did not work correctly in the printer.
|
| There's no need for hypotheticals. Such printers do exist.
| People on the Internet tend to praise them (see this very
| thread). I'm sure people have had bad ink experiences, and if
| I search for it I will find them. But I highly doubt they'd
| blame the printer or the concept...
| Telemakhos wrote:
| I'm currently using a mysterious Chinese vendor's ink in my
| office DeskJet, and it's working better and longer than any
| HP cartridges ever did.
| wkat4242 wrote:
| Haha then brother will do great. Though they have been starting
| the scam also with their colour lasers.
| mrweasel wrote:
| We've been wondering why people keep buying HP printers for the
| past 10 years. The fact that they aren't bankrupt at this point
| is beyond me.
| bigtimesink wrote:
| It doesn't take very much effort to look at ink costs when
| buying a printer, so this is on consumers. It might even be the
| rational choice for low-income consumers since it's cheaper in
| the long run than buying a more expensive printer with a 25%
| APR credit card.
| runeofdoom wrote:
| Seems like the next logical step, really.
| criddell wrote:
| Has the meaning of _bricks_ changed? It doesn 't sound like these
| printers are permanently broken.
| SAI_Peregrinus wrote:
| Yes, years ago. People haven't used it solely to mean
| permanently broken for a long time, it now also means
| "temporarily inoperable" or "broken beyond the skill of one
| particular user to fix it". Much like how "literally" now gets
| used to mean "figuratively" the use of hyperbole has turned
| "bricked" into meaning "not actually bricked".
| Gigachad wrote:
| Nothing is permanently broken though. At some point you can
| start reflashing chips and replacing internal components.
| Bricked has always meant the device is inoperable and beyond
| easy repair.
| tredre3 wrote:
| When the flashing process fails and it leaves the flash
| corrupted, it's often impossible to do any further flashing
| attempts. Good products have an immutable factory partition
| to recover, but not all of them do. So I think it's unfair
| to claim that those devices aren't bricked just because
| yes, in theory, you can open the device and reflash the
| chip over SPI or JTAG.
| yborg wrote:
| I don't see how this characterization is wrong as a shorthand.
| Until HP comes up with an update, these printers don't print.
| If they never do, then it is literally true. There was a home
| router manufacturer that issued a firmware update that
| permanently disabled their product, users had to physically
| exchange them.
| redox99 wrote:
| People have been using hard bricked and soft bricked for a
| while. But this doesn't even seem to be soft bricked.
| dalemhurley wrote:
| After years of dodgy HP printers and their very expensive inks, I
| brought an Epson EcoTank. It cost a lot more but it prints are
| amazing and the Ink lasts forever. It took 2 years to get through
| the included ink.
| ForOldHack wrote:
| HP brings a broad new meaning to Dodgy. Shotty and shabby. Its
| wholly unethical how hey manage their affairs, but now to hear
| they are disabling their own printers, oh my how unfortunate,
| and I shall decline the gift of any, and inform potential
| buyers of their ... unwholesomeness. I was going to limit
| myself to brothers, but I hear they are now on the 'short term
| profits over everything.' type of CRM. Customer Relation
| Managment: Screw you.
| sedatk wrote:
| My local Costco always has Epson EcoTanks on sale, FWIW.
| paulydavis wrote:
| So what if I update the device without asking?
___________________________________________________________________
(page generated 2025-03-10 23:00 UTC)