The Princess and the HDD: Poor Design Choices

You’ll all remember my grand adventure in acquiring a photocopier. Well, it’s been a rollercoaster, I tell ya. While I still haven’t found a modification worthy enough to attempt, I have become increasingly frustrated. From time to time, I like to invite my friends and family over for dinner, and conversation naturally turns to things like the art on the walls, the fish in the aquarium, or perhaps the photocopier in the living room. Now, I dearly love to share my passions with others, so it’s pretty darned disappointing when I go to fire off a few copies only to have the machine fail to boot! It was time to tackle this problem once and for all.

When powered up, the photocopier would sit at a “Please Wait…” screen for a very long time, before eventually coughing up an error code — SC990 — and an instruction to call for service. A bunch of other messages would flash up as well; Address Book Data Error, Hard Drive Data Error, and so on. In the end I realized they all centered around data storage.

Pictured: the author, in his happy place, at peace with the copier.

Now, I’d already tried diving into the service menu once before, and selected the option to format the hard drive. That had led to the problem disappearing for a short period, but now it was back. No amount of mashing away at the keypad would work this time. The format commands simply returned “Failed” every time. What to do next? You guessed it, it was time for a teardown!

Thankfully, photocopiers are designed for easy servicing — someone’s paying for all those service calls. A few screws, and large panels were simply popping off with ease; completely the opposite of working on cars. Spotting the hard drive was easy; it looked like some sort of laptop IDE unit. With only SATA laptops around the house to salvage parts from, I wasn’t able to come up with something to swap in.

A bit of research (and reading the label) taught me that the drive was a Toshiba MK2023GAS/HDD2187. Replacements were available on eBay, but if I waited two weeks I’d probably be wrist deep in some other abandoned equipment. It had to be sorted on the night. In the words of [AvE], if you can’t fix it… well, you know how it goes. I yanked the drive and, lo and behold – the copier booted straight up! Just to be sure I wasn’t hallucinating, I churned out a few copies, and other than the continued jamming on all-black pages, everything was fine. Literally all it took to get the copier to boot was to remove the ailing drive. Suffice to say, I was kind of dumbfounded.

The hard drive a.k.a. the villain of the piece.

I’m happy to chalk up the win, but I have to take issue with Ricoh’s design here. The copier is clearly capable of operating perfectly well without a hard drive. It will give up its document server and address book abilities, but it will still make copies and print without a problem.

Yet, when the copier’s drive fails, the unit fails completely and refuses to work. This necessitates a service call for the average user to get anything at all happening again — causing much lost work and productivity. A better design in my eyes would have the copier notify users of the lost functionality due to the failed drive and the need to call service, but let them copy! Any IT administrator will know the value of a bodged workaround that keeps the company limping along for the day versus having a room of forty agitated workers with nothing to do. It’s a shame Ricoh chose to have the photocopier shut down completely rather than valiantly fight on.

Feel free to chime in with your own stories of minor failures that caused total shutdowns in the comments. Video below the break.

73 thoughts on “The Princess and the HDD: Poor Design Choices”

    1. Subjective in my opinion (I haven’t read all the facts). But don’t some companies design products like this just to prevent further damage? Cruel to be kind, so to speak.

      1. I think most companies design products like this to force the user to make a callout rather than just being able to make do.

        Take printer ink/toner cartridges that “run out” long before they actually run out.

      2. Where is the “further damage” when you disable a non functional HDD? There is no data to be lost. Data on the HDD is already gone. Any further access could lead to data loss only if somebody would rely on data stored successfully and would not get the message, that his data is not stored. But a simple “HDD not available” would prevent that.

      1. This was likely a marketing call. If the unit is not fully operational it may not fulfill the terms of the lease. There are also copyright infringement issues that the copy machine manufacturer may be on the hook for. The hard drive would store the evidence.
        Another factor in play is the terms of the lease. Some higher end copiers charge per copy and keep an image of those copies on the hard drive. They can verify the terms of the lease are being upheld during a scheduled “maintenance visit”. This can also lead to a major HIPAA violation if the copiers are returned from the lease with sensitive information on the hard drive.
        My multifunction printer performs just fine without a hard drive.

    2. This probably was graceful degradation. The fact that it worked with the drive removed indicates that. The problem was probably that they didn’t account for the possibility of the drive hanging trying to correct some uncorrectable problem. I bet if the drive was a Red or RAID Edition drive with Time-Limited Error Recovery the failover might have worked without disconnecting.

    3. I’ll bet it never even occurred to them to test with a deliberately failed drive!
      Two of the scenarios their QA guys tested on are probably
      A) Working drive in…copier works…
      B) No Drive in…copier works…

      It probably never occurred to them that they should stuff a deliberately messed up drive in the unit to see what happens. I’ll bet that scenario isn’t checked across entire industries too; Automobile testing with transmission module installed & module missing, but perhaps not module deliberately messed up in some non-obvious way.

  1. +1 for the subjective part. This is probably not a copier for a small office, but something with more functions. If it continues working without some of those functions (let’s be honest, people would look for a button to dismiss the error message and forget about it) then people would complain to support that it has caused loss of work, etc. So it is better for the machine to clearly stop working when something is wrong, so that action can be taken, than for it to continue working and mislead people into thinking all is working right.

    1. I used to love/hate the “it still works if I do…” fixes. As a factory mechanic I threw many a DC motor out with bad armatures because the operators would tap them with hammers to keep them going rather than have us replace a set of brushes, then they would complain about how long the motor swap took. Sometimes “if it’s stupid but it works” really is stupid.

  2. My guess is that there is a tacit requirement in many companies to keep copies of everything printed (or at least recently) on the printer or photo-copier. That is also why many companies should be careful in selling or disposing of printers and photo-copiers as they may be inadvertently giving away sensitive data in the process.

    1. Think of it this way, most Service Departments lose money for the company, through warranty repairs, customer (re)education, declined repair estimates (it may take most of the time just isolating the problem and actually repairing it before, an accurate “estimate” can be given, and if the customer refuses the estimate, replace the defective parts and send it back to customer). Yes, Service Contracts can be moneymakers, but without that income the company would lose enough money to impact sales profits, especially if something unforeseen happens, such as when zillions of electrolytic capacitors started failing about 20 years ago.
      Disclosure: I work in a repair department.

      1. It’s true, copiers are a different world because practically all of them are leased. With, as russdill says, a service contract. Sales isn’t selling hardware so much as maintenance agreements, because basically no end-user outright “buys” a copier. (There’s a second-hand market which is incredibly tiny, though the companies don’t mind picking up a little pocket change doing billable service work on those.) Therefore, in one sense repairs are always done on the company’s dime and “lose” a ton of money, but in the other sense they’re the actual product that the company sells so really they’re the entire profit center.

  3. Surprise!
    The maker of an office-related product designs it in a way that makes it hard or even so expensive to service that customers will get a new machine?
    Unheard of…

    1. Nope. It’s all about the service contracts. Big businesses and manufacturers of tools for those businesses often times have big service contracts. The manufacturer will send a service person to the business to get the equipment up and running ASAP, and the business can be up and running quickly. There are also a variety of laws and/or regulations regarding keeping backups of copies (for the purpose of serving as evidence in crumble cases). Also look up yellow dot patterns. Nearly all photocopiers and printers generate a very subtle yellow dot pattern that can be used to ID paper to printer, again for law enforcement’s use. A photocopier that no longer stores that backup is a legal liability, especially to a manufacturer leasing the equipment (rather than outright selling it).

  4. If this approach was standard then the moon missions, Voyager, Mars explorers, etc. would all have failed… It’s about generating cash for service and supplies.

    1. The Check Engine light’s real goal is to make sure that all your emissions control systems are working as intended and alert the driver (as well as emissions inspectors) – so a loose gas cap leaking a bunch of gas fumes into the air does technically mean your emissions control systems aren’t working.

      1. I know!
        But when there is a digital readout that lets me know if either I’m due for an oil change, didn’t close the trunk door all the way, or have a low tire, etc., a little “check gas cap” isn’t too difficult to display for a day before illuminating the dummy light.

        1. I’d rather have it display any of the trouble codes I want on a little LCD or VFD setup. There’s a lot of other cases where it’s some little and easily swapped part.

          Maybe I need to cook up one of those myself…

          1. Vehicles need to have difficulty levels for their user readouts. Some people want to see a thermometer icon for overheating, or a check engine light for the loose gas cap. I want a message that means something. My vehicle display is more than capable of this, and the hardware can diagnose itself without an OBD dongle.

          2. Most of the cars now have some type of digital display, and a CAN/OBD II bus, so how hard would it be to build a diagnostic library with different levels of information in it? Are you a non-technical driver, like my mom? You get the level 1 information with the option to go deeper. Are you a shop mechanic with training? Level 3 will give you the diagnostics, schematics, part numbers, and even quick video of the actual process if needed. I think back to the old “Knight Rider” car, Kitt. My car should be more than capable of telling me what’s wrong with it and how to fix it.

          3. There is a good solution to this I’ll get to in a minute, but they’ll never do this for three reasons:
            1. Nothing is forcing them to.
            2. The extra money required won’t help their technicians any more than the current diagnostics systems they already have, and the current off-car diagnostics systems are easier to update since they control when it’s on. If they send the update over the air, it can get complicated when some cars are located in places with poor reception.
            3. If the vehicle displays extra info, people will always want more, to the point that they want the dash display to tell them exactly what part and what part number they need to buy. Sometimes repairs are not always so cut and dry. IE: Is the sensor bad or is it the wiring going to the sensor that melted? The computer may not be able to tell.

            The easiest solution is to write an app that does the following:
            1. auto connects to the ELM327 OBD2 Bluetooth dongle
            2. pulls the codes
            3. googles each code along with the year, make, model and engine of the vehicle
            4. filters the results to only include results from forums, not parts sellers.
            5. for a bonus it could scrape the pages for keywords and look up prices for those parts mentioned frequently.

            For some vehicles it will only display an error, such as Mercedes, it will only say “diagnosis unknown” since it’s very common for even the Mercedes dealer to not know which parts to replace to remedy some common codes.

          4. @rollinns
            #2 is a moot point, I hope you’re aware that certain vehicle diagnostic utilities need to connect & auth on the manufacturer server before being able to change certain parameters/reset certain things.

  5. We have some critical machines at work that have BIOS checks for SMART failures, pausing boot for acknowledgement if a disk is on the way out. Unfortunately BIOS does this check for ALL the disks, not just the boot drive. This has bitten us a few times during remote upgrades of machines as they typically have long uptimes.

    I wouldn’t be surprised if the embedded PC in the copier has this same issue, and the manufacturer never ran into this as they didn’t think to test with an ailing disk.

    1. Just today, we had an electronic test stand (over $100k) go down for over half the day because Windows 7 had to download over 200 updates, then when it failed during install it rescinded the update and we’re looking at doing it all over again the next time we have to reboot the machine. Whatever “engineer” (dumbass) spec’ed one of the most crashy, backdoored, and overridden OS’s for a major machine control system needs to turn in his geek card.

      1. Yep….

        Windows 7…
        I get an update notification about 30 minutes into my day that forces a restart. All my work is lost.
        10 minutes after the reboot, I get another update notice. OK, I’ll voluntarily reboot.
        10 minutes after reboot… another notice.
        Then another.
        Then another.
        For 4 days, my work PC would not run for more than an hour before prompting for an update thus forcing a restart.

        My only reprieve from all of that was I got paid to do jack shit for four days.

        Now, Win7 updates take an average of about 8 hours as Windows 7 tries to figure out whatever the hell is wrong with it. And yes… I have to sit on my ass the entire time.

        I’m not sure if it’s any better than XP and the infinite install the same patch over and over bug.

        On a somewhat unrelated note there’s Windows 10. I now call my Win10 commands suggestions, because Win10 usually decides something else is more important and does that instead. “Hey, Win10. I need to connect FTP into the server and do some maintenance.” “SORRY ASSHOLE, I NEED TO THRASH MY HARDDRIVE AS I PROMPT YOU TO SIGN UP FOR MY DADS CLOUD SERVICE. FOR BEING A DICK, I’LL TAKE TEN MINUTES TO DO THAT.”

        Aaaargh!

        My great favorite is the inability to schedule Win10 outside eight hours because… you know… some people actually don’t use their computers for more than 12 hours at a time.

        Or when Win10 loses the “network” it refuses to re-establish said connection.

        Or the bone headed way one does environment settings.

        If only my company would let me ditch Windows entirely.

        1. I feel your pain.

          I mistakenly reused a ROCK-branded laptop with windows 10 as a test-rig to test touchscreen 37″ monitors (Customer order point displays).
          For a laptop with a 2.8Ghz core2Quad (LGA) and two MXM GT9800m (m for mobile variant) in SLI and has 3 HDDs with 8GB main RAM, it took about 4 hours before it became usable, just updating and thrashing ALL HDDs!!!

          Removing the WiFi card fixed that, otherwise it’ll still thrash itself even if the OS claims it has switched off the WiFi card!!!!

          P.S. I got said laptop for a quid, I only wanted the 1920x1200px screen for another laptop, a reflow of the only bad GPU fixed this thing.

      2. Get Autopatcher. Download all the Win 7 updates then install them offline. WSUS Offline is another thing that does this, but with much less control over what gets installed.

      3. Be happy they did not choose Windows 10. That is not only crashy but even more backdoored and spies on you. And you cannot turn off the auto update – which you could have done on your Win 7 machine.

  6. I had heard that the Gov’mt wanted a record of all “copying” for investigation purposes.
    If someone understood that the thing they were copying would have a record of its existence, they may find another way to make copies.
    So with the error message, the secret was kept safe.

    I am sure if such a request had been made to the manufacturers for these records, a business decision was made on how to deal with this type of failure.

    Copiers were mass communications before email.

    1. Last machine I had that required an IDE hard drive in the 2.5″ form factor… after research I ended up replacing it with a mSATA SSD on an mSATA → IDE adaptor cradle.

      If the drive is only small, CF is worth doing since an 8GB card can be had for AU$20 and will get the job done.

      If the drive is a little bigger (in my case, the failing drive was a 250GB), then it is more economical going mSATA. AU$60 off Amazon for an adaptor, source a 60GB mSATA SSD locally for about AU$50 and you’re away. In my case, I spent a bit more to replace with like-for-like, putting a 250GB mSATA SSD in, the teenage laptop hasn’t missed a beat.

  7. …Monday afternoon, one of our photocopiers just turned itself off after a paper-jam was fixed. Three days later a tech turned up (yesterday), and removed one tiny small insignificant piece of paper that was sitting over one sensor. This one bit of paper caused the device to shut down. Upon attempting to boot up, it would get 20 seconds into its initialisation screen, and simply turn off again. No error codes, no messages, nothing. Just off. Not even a “call for service” message.

    1. That’s a safety feature. As far as the sensor could tell, there was a sheet of paper that wasn’t moving in there. If a sheet of paper gets stuck in the fuser and the machine keeps operating, eventually that 392°F roller is going to start smoldering. (451°F is the flash-point for average paper, but long-term exposure to 392°F will do it, especially if there’s molten toner in play.) If the copier predates Energy Star, it may heat the fuser up to working temperature upon startup, so an immediate shutdown at boot would make sense to avoid an office fire. It really SHOULD kill the fuser and the motors and display an error, but at least it’s programmed to fail safe.

    1. I’ve been there!

      I’m sorry, you cannot scan that document because you are out of yellow ink. Now please drive to the store and buy a cartridge for $40. Mwaaa hahaha. :/

      1. You want to print a black and white document???
        SORRY YOUR MAGENTA IS LOW!!!!

        Sounds like most printers though.

        I wish I’d not chucked away my old cartridges for my HP office-in-a-briefcase printer. The original cartridges were empty (Still had a pool of cyan and magenta left in the heads) when I got the printer from the boot-sale, it’ll moan, press feed once that session and it’ll happily print hundreds of blank pages, until the next session.
        I don’t trust the replacements to suddenly not jet out the ink when its internal counters have run out.
        I’ll find out when it does though.

    2. Yeah, but at times the opposite can be true:

      (1) A printer I was working on informed me that there was a problem with the scanner (I hadn’t reconnected it) so scanning, copying, and faxing were not available, but printing could be used.

      (2) Several printers have a fallback strategy that when the black ink is out, they will use CMY to print in a somewhat dark gray. Sure beats not printing at all.

  8. It may be subjective but I have to agree. I work in an R&D office that designs equipment for the metal forming industry. The guys who write the software have not the first clue about how the end user’s business works, the people who operate the machines, the people who service the machines and what happens to a little workshop when the equipment goes down. Just spit out an error code and call for a serviceman… forget that the serviceman might be days away in another state. It’s a constant battle trying to drum into their heads not everyone has a degree in CS.
    And DougM I have a (ahem Brother) printer that stopped printing because it was low on toner. A piece of tape on the sensor window fixed that and let me use all the toner that was still in there for another couple of months.

    1. And then printer companies got clever and started putting chips in the cartridges. Hackable yes, but a tall order for someone without a chip reader and the knowledge to use it.

      1. And then printer companies got more clever and started putting “ORIGINAL” chips in cartridges and demanding replacement cartridges be “ORIGINAL” as well.
        After a week the toner that came with the SAMSUNG printer ran out (actually the counter did; it still has plenty of toner left), and the remanufactured toner gave a message, SORRY ASSHOLE, GO BUY THE ORIGINAL FOR TRIPLE THE PRICE AND COME BACK TO PRINT. ASSHOLE.

  9. The one I fixed in my car recently stands out to me, though I’ve certainly had others which were more relevant. In my car is the infamous Passlock II “anti-theft” system. The system has a complex network running out to everything in the engine which I believe is meant to be diagnosed with a Tech II scanner. Don’t confuse Tech II scanners with OBD scanners; it’s annoying how many people confuse those, two totally different networks that just happen to touch on some of the same parts. Anyway, what I found in this system baffled me as one of the worst design choices I have ever seen. If the indicator light in the dash that indicates whether or not the “anti-theft” system is armed is blown, the “anti-theft” system locks down the car so that you can’t start it with a key, and if you start it manually by jumping voltages across the starter and coils (like the computer does) it locks the fuel injectors. In other words it’s treated exactly the same as trying to start the car without the correct key.

    After scratching my head for awhile I found there was a chip in the radio the anti-theft talks to. As far as I can tell this chip serves just two purposes. It stores that shut down program for the light, which is a duplicate of the shut-down program in the car’s body control module. It also stores radio presets. It’s a very simple memory chip that could be reprogrammed over serial at 100Hz but my solution was far simpler. Clip the Vcc pin. Indicator light still works as expected but no longer can send the chip the commands to move the shut down program out onto the execution unit. Lost radio presets but that’s no biggie when you have your phone tied in with an aux line. A lot better than a blown light causing full lock down.

    For reference changing the light is non-trivial, you have to tear apart half of the dash to get to it and risk breaking potentially brittle wire harnesses. I don’t open those dashes without some duck tape to reattach harnesses and electric tape to splice brittle sections of wire out.

  10. 1995 Buick Century. It has two bulbs in the 3rd brake light. If one burns out, nothing happens except half the light not lighting. If both burn out, does it turn on a “Check Lamps” light on the instrument panel?

    Noooo. It disables the cruise control and antilock brakes, without informing the driver about the *real problem*.

    A system sophisticated enough to detect that both bulbs in a lamp are burned out is sophisticated enough to tell the driver exactly what the problem is – instead of disabling other things so the driver is left thinking “WTH is broken?”.

    Remember when Cadillacs and Lincolns had fiber optic lines to all the lamps, all running to a place inside so at a glance the driver could see that all bulbs were working? Dead simple and durable, and if a bulb burned out the driver could see it was, and it didn’t disable anything.

      1. maybe those lamps are connected in parallel and the other systems in series with it. One lamp out, the system works, two lamps out, open circuit, the system stops.

        1. Yeah, I got a circuit break in the tailgate harness of a Ford wagon, 3rd brake light again, and the first thing I knew about it was the radio, and front washers and wipers failing to work.

          The factory diagnostics procedures were extremely useless for that. I spent a couple of days going through them multiple times, having been assured that this was the most reliable, accurate and fastest way of diagnosis… nope… I gave up with running round in those circles and did the nose to tail circuit isolation and multimeter testing, which took only an hour or so, and chased it all the way to the tailgate.

          It was some weird backfeed through the lighting circuit, and through the lighting switches and brake switch, which knocked out wipers and radio.

  11. The same goes for my HP OfficeJet printer.
    One time, I needed to scan a document.
    Alas, the ink cartridge was empty.
    And according to HP, you can’t scan a document without a full cartridge!

  12. Hold on, you want a manufacturer to bother to write the code to downmode the machine when a part fails? That costs development time. And then the service centers don’t get calls to fix the souped up copiers.

    I see this type of mentality in many things we deal with here at work. Thankfully our bunch knows the pitfall and will disable defective devices to restore partial functionality. When the parts or license keys arrive, we restore the system to full operation. Too many vendors seem to write to a point then stop. Damned shame.

  13. The hard drive is almost certainly an optional extra for the copier; it’s no surprise it works without it.

    As for it NOT working when the disk fails… well, hard drives—especially older ones—have this way of failing where the drive electronics still respond “I’m here” but when you ask it to actually DO anything that involves the mechanical parts, that operation fails. Yes, SMART is supposed to solve this, but SMART doesn’t always work… and with an old printer, it’s not likely that the microcontroller knows anything about SMART. So: Drive installed, printer sees drive, assumes hard drive option is installed and available, and fails gracelessly when the drive fails to respond as expected. Drive removed, printer sees no drive, does not try to access hard drive option, works fine.

    I used to be a top-tier support tech for a major printer/copier manufacturer. None of our products handled optional hard-drive failure gracefully. Neither, for that matter, did PCs.

  14. Apparently LEDs are _really_ expensive.

    Why else would Samsung insist on using only two LEDs to indicate various printer problems and then require you to have the manual handy to decode the sequences?

    Let’s see, blinking orange means “paper jam” but solid orange means “toner low”? And blue LED off means it’s in “standby” or is that “WiFi” active?

    1. And then there are *four* LEDs to show what kind of paper is currently selected.

      Another example: the Nintendo DSi has a dual-color LED for battery status and another LED for WiFi. Couldn’t they just blink the power LED on WiFi activity, like the older DS?
      Even worse: the 3DS has six (!) status LEDs, one of which is almost always off (the one used for notifications). It looks like Nintendo can get LEDs for very cheap.
