Most active commenters
  • greenavocado(3)

Maestro Technology Sells Used SSD Drives as New

(kozubik.com)
129 points walterbell | 57 comments | 12 Nov 25 18:29 UTC | HN request time: 1.361s | source | bottom
1. LeifCarrotson ◴[12 Nov 25 18:44 UTC] No.45904120[source]
It's crazy to me that rsync.net is buying mission-critical enterprise drives on Amazon.

I don't buy drives on Amazon for my 9 year old's laptop because of the rampant fraud and counterfeiting, I'm shocked that they're trusted for any business use-cases by anyone moderately savvy. I'm even more shocked that the takeaway is to blame the individual seller, rather than the marketplace that makes it possible.

replies(9): >>45904215 #>>45904243 #>>45904260 #>>45904264 #>>45904270 #>>45904275 #>>45904795 #>>45905411 #>>45905950 #
2. esafak ◴[12 Nov 25 18:49 UTC] No.45904215[source]
Marketplaces only work when the participants maintain a reputation. The buyer here is doing his part.

See also: https://news.ycombinator.com/item?id=45896707 (HDD shortage)

3. epistasis ◴[12 Nov 25 18:50 UTC] No.45904243[source]
First two lines of the article:

>At rsync.net we have trusted suppliers with verified supply chains and a long history of providing reliable service.

>However, from time to time, it is expedient to purchase parts from Amazon - something we do with care and suspicion.

That seems like a very reasonable and non-crazy approach to using Amazon.

replies(2): >>45904278 #>>45905009 #
4. monocasa ◴[12 Nov 25 18:52 UTC] No.45904260[source]
I mean, if you're a storage business, hopefully you've designed your architecture such that you assume drives will go bad, so you characterize the models of drive to make sure that not all the copies are on one manufacturer, and then you can take liberties finding the cheapest storage on the market. This only comes back to bite you when you didn't account for (because you didn't know) that there was decreased longevity, so your TCO calculation was off and you might not make as much money.
replies(1): >>45906268 #
5. greenavocado ◴[12 Nov 25 18:52 UTC] No.45904264[source]
I buy used enterprise hard drives that have been pushed hard. My current biggest NAS runs six used 14 terabyte enterprise hard drives and three have failed so far within a year. Each time I was able to get a warranty replacement and the replacement was in much better condition than the original ones I had. Zero data loss because of ZFS RAID Z2. I was able to measure the condition of the surface of the platters and other useful metadata using Victoria https://hdd.by/victoria/ included on Hiren's BootCD PE.
replies(1): >>45904693 #
6. abanana ◴[12 Nov 25 18:52 UTC] No.45904270[source]
> blame the individual seller, rather than the marketplace

I'd have thought the fraud problems from "commingling" were well-enough known by now to avoid wanting to blame any specific Amazon Marketplace vendor, but perhaps not.

7. Szpadel ◴[12 Nov 25 18:52 UTC] No.45904275[source]
from time to time your trusted supplier might be out of stock and you need drivers quickly

even backblaze bought drives in supermarket when there was HDD shortage

8. greenavocado ◴[12 Nov 25 18:53 UTC] No.45904278{3}[source]
As I pointed out in another post if you are using ZFS RAID Z2 you can use literal used garbage hard drives safely without risking data loss.

ZFS helped me discover that my motherboard SATA chip can't handle 6 drives; I had to purchase a cheap Chinese PCI Express SATA controller to communicate with my drives reliably and error-free.

replies(3): >>45904300 #>>45904308 #>>45904689 #
9. dsr_ ◴[12 Nov 25 18:54 UTC] No.45904300{4}[source]
Not for special VDEVs, which is the explicit purpose here.
replies(1): >>45904549 #
10. ◴[12 Nov 25 18:54 UTC] No.45904308{4}[source]
11. ◴[12 Nov 25 18:55 UTC] No.45904335[source]
12. p1necone ◴[12 Nov 25 18:59 UTC] No.45904405[source]
Can you flash fake SMART data to drives? I suspect that's exactly what Maestro will start doing now (although it's possible it's not worth the effort for the small number of customers who will actually check this stuff).
replies(1): >>45905836 #
13. nubinetwork ◴[12 Nov 25 19:00 UTC] No.45904451[source]
I bought a stack of WD gold drives several years ago that had several thousand hours on them as well. I believe I got those off Newegg. When I asked, they said something about initial testing, but why didn't they reset the counters before selling them? Who knows.
replies(1): >>45905130 #
14. Syzygies ◴[12 Nov 25 19:04 UTC] No.45904528[source]
"Other than returning the four parts for a refund (which we did) and documenting this behavior here, our only other recourse was to guarantee that these four specific parts were never sold as new again:"

Alas, one can completely remove Sharpie writing from metal with 99% isopropyl alcohol. Did they make a better choice? This looks like Sharpie writing to me.

replies(4): >>45904670 #>>45904815 #>>45904982 #>>45906428 #
15. nubinetwork ◴[12 Nov 25 19:05 UTC] No.45904549{5}[source]
You can mirror a slog... l2arc doesn't need a mirror because the data is already on disk. I believe a split metadata can also be mirrored.
replies(2): >>45905345 #>>45907045 #
16. nekusar ◴[12 Nov 25 19:11 UTC] No.45904670[source]
https://www.amazon.com/Janlaugh-Resistant-Laboratory-Permane...

Alcohol/solvent resistant markers.

replies(2): >>45905110 #>>45906084 #
17. 2OEH8eoCRo0 ◴[12 Nov 25 19:12 UTC] No.45904689{4}[source]
I'd be more worried about a supply chain attack with malicious devices.
replies(1): >>45905479 #
18. iberator ◴[12 Nov 25 19:12 UTC] No.45904693{3}[source]
Which manfucaturer is the best and worst one?
replies(4): >>45906460 #>>45906494 #>>45906541 #>>45906710 #
19. lgats ◴[12 Nov 25 19:14 UTC] No.45904731[source]
does amazon still do inventory co-mingling ?
replies(1): >>45904919 #
20. Aurornis ◴[12 Nov 25 19:17 UTC] No.45904795[source]
> I'm shocked that they're trusted for any business use-cases by anyone moderately savvy.

I buy drives on Amazon all the time. I check them all. Never had any problems.

The mistake they made was buying not from Amazon, but from "Maestro Technology" listing on Amazon. If you understand that Amazon is a marketplace and you take 10 seconds to read who you're buying from, it's not a problem.

Amazon returns are also extremely easy. I once gambled on a sketchy seller and received a bad product (not computer related). A couple clicks and it was on its way back for a refund.

The problems with inventory commingling are virtually a thing of the past. I went through the process of selling a product on Amazon and understanding their evolved inventory labeling and commingling procedures so I'm not worried. Many of the tech community are anchored to news articles from years ago, though.

If you have a highly trusted vendor who can deliver at great prices and have products in stock that show up at your door when you need them, then use that. For the rest of us, using Amazon to buy common parts isn't really the problem that it's made out to be in HN comments. I think a lot of people here only understand Amazon through the occasional article that makes it to the top of HN and they don't understand what it's really like because they've been too scared to use it for years.

replies(2): >>45905334 #>>45907041 #
21. observationist ◴[12 Nov 25 19:18 UTC] No.45904815[source]
You can also remove sharpie writing using sharpies and a wet wipe - write over and wipe while its still wet. The dry pigment will dissolve in the solvent in the fresh ink.
replies(1): >>45904863 #
22. doubled112 ◴[12 Nov 25 19:21 UTC] No.45904863{3}[source]
My favourite trick is to write over Sharpie with a dry erase marker and erase it all.
23. khernandezrt ◴[12 Nov 25 19:21 UTC] No.45904864[source]
Whats stopping a more clever company from resetting the smart data on an ssd and reselling?
24. alwa ◴[12 Nov 25 19:24 UTC] No.45904919[source]
That was my first thought too. Apparently they’re “phasing it out” by “the end of this year” [0]

I did not know, per that article, that Amazon had for some time now offered motivated third-party sellers a means to avoid commingling by applying a “fulfillment network SKU” barcode to their goods. And that they estimate merchants spend $600mm a year on that type of “restickering.” Expensive, but possible.

[0] https://www.geekwire.com/2025/after-years-of-backlash-amazon...

25. realusername ◴[12 Nov 25 19:27 UTC] No.45904982[source]
They can do it but they likely won't bother at scale.
26. 0x1ch ◴[12 Nov 25 19:28 UTC] No.45905009{3}[source]
This is how we operate at my job. We go through our trusted and reliable vendor, who gets us good pricing but doesn't always control shipping times. If it's urgent, Amazon will be delivered within 48 hrs.
27. hexbin010 ◴[12 Nov 25 19:34 UTC] No.45905110{3}[source]
But are they genuine and unused? !
28. toast0 ◴[12 Nov 25 19:35 UTC] No.45905130[source]
> I bought a stack of WD gold drives several years ago that had several thousand hours on them as well. I believe I got those off Newegg. When I asked, they said something about initial testing, but why didn't they reset the counters before selling them? Who knows.

Thousands of hours doesn't pass the smell test. There's no way a specific SSD goes through months of testing prior to sale. A couple of hours seems reasonable though. And I'd rather it not be easy to reset the counters, so they don't reset the counters after testing during manufacturing/burn-in.

29. tgsovlerkhgsel ◴[12 Nov 25 19:44 UTC] No.45905317[source]
This is how it's done - name and shame!

Without it, there isn't enough incentive to try and just eat the cost of a refund in the rare case they get caught.

30. tgsovlerkhgsel ◴[12 Nov 25 19:45 UTC] No.45905334{3}[source]
The problem is that you might not be able to tell a used drive from a new drive if the scammer bothered to reset the SMART data.
31. favorited ◴[12 Nov 25 19:46 UTC] No.45905345{6}[source]
That's correct. I ran a special metadata VDEV 3-way mirror using this NVMe PLX card for a while https://imgur.com/a/xiwzkA6
32. indigodaddy ◴[12 Nov 25 19:49 UTC] No.45905391[source]
Back in my NOC tech/datacenter days, we grew to trust drives with a combination of 10000+ poweron hrs + {zero SMART errors / zero reallocated sectors / zero pending sectors} actually more than a random unknown new drive.
replies(2): >>45905558 #>>45906870 #
33. rsync ◴[12 Nov 25 19:50 UTC] No.45905411[source]
"It's crazy to me that rsync.net is buying mission-critical enterprise drives on Amazon."

We don't.

"At rsync.net we have trusted suppliers with verified supply chains and a long history of providing reliable service."

...

"However, from time to time, it is expedient to purchase parts from Amazon - something we do with care and suspicion."

... and that care and suspicion takes the form of physical and logical inspections and extended part burn-in.

As you can see, this QC process caught these mis-labeled parts.

34. stavros ◴[12 Nov 25 19:55 UTC] No.45905479{5}[source]
What kind of supply chain attack can one mount with a disk?
replies(1): >>45906593 #
35. Terr_ ◴[12 Nov 25 19:59 UTC] No.45905558[source]
Pre-tested, as it were?

https://en.wikipedia.org/wiki/Bathtub_curve

36. humanpotato ◴[12 Nov 25 20:04 UTC] No.45905648[source]
Alcohol or lacquer thinner will remove Sharpie in no time. I use Sharpies as temporary markers on smooth metal for this reason.
37. antisthenes ◴[12 Nov 25 20:08 UTC] No.45905713[source]
This drive model is 7 years old.

It is WILD that anyone in tech assumes this will come as new. Simply no one makes the same model of "consumable" for 7 years. Intel doesn't even sell Intel-branded SSDs anymore, that division was spinned off.

It's also WILD that you would trust something as sketchy sounding as "Maestro Technologies" for a mission-critical task.

I bet they were cheap though.

replies(2): >>45905737 #>>45905916 #
38. 1970-01-01 ◴[12 Nov 25 20:09 UTC] No.45905737[source]
New old stock is a thing.
39. galaxy_gas ◴[12 Nov 25 20:15 UTC] No.45905836[source]
Yes, most of the used Amazon SATA Rotated Drive its do this with "fresh" data.
replies(1): >>45906192 #
40. hex4def6 ◴[12 Nov 25 20:19 UTC] No.45905916[source]
First of all, neither of those WILD facts seem that wild to me.

Intel did last orders for that drive Dec 30 2022. The article was written in April, so the author was conceivably purchasing drives that had sat on a shelf for a year and a half. That doesn't tickle alarm bells in my head.

Secondly, maybe my scam detector isn't well tuned enough, but "Maestro Technologies" doesn't seem that much stranger than "Apple" or "Micro soft" or "Zoom" or "Snap." If it were XBBHHZZZAA, LLC, maybe I'd have more room for pause.

The takeaway lesson here is that Amazon has become less and less reliable as a source for items. It's especially bad if it's purchased from a third party (something Amazon seems keen not to highlight on the purchase page), but even FBA is not free of trash. They straight up sell pirated N64 cartridges for example: https://www.amazon.com/Cartridge-Nintendo-Smash-64-Video-Ver...

41. runjake ◴[12 Nov 25 20:21 UTC] No.45905950[source]
Jumping on two add I've now had 2 experiences of buying counterfeit drives on Amazon from different sellers. I've probably ordered only 4 hard drives off of Amazon ever, so that's a 50% counterfeit rate.

Both sellers issued refunds without trouble because I bought them under Prime. One seller seemed genuinely surprised they had a counterfeit in stock.

Both of these counterfeit drives look very, very convincingly authentic, except the serial numbers don't match real ones and don't validate as real ones with the OEM.

The first time, I actually argued with Seagate over it being real, until they pointed out that aside from the serial number not being in their databases, it's not even in the correct format for any of their drives.

If you care about your drives and you're buying on Amazon, only buy under Prime. And when they're delivered, check the serial numbers with the OEM first thing (usually via warranty validation). Don't buy anything not on Prime.

42. 1970-01-01 ◴[12 Nov 25 20:28 UTC] No.45906084{3}[source]
One spray of brake cleaner and it's gone. Cheaper to use a carbide scribe or simply get a shard of glass or ceramic and physically scribe into the drive. Now they're permanently used drives, no debate is possible.
43. turtletontine ◴[12 Nov 25 20:33 UTC] No.45906192{3}[source]
Is there any way to tell if the SMART has been reset/tampered with in any way? If you have a drive that claims to have 0 hours of use, but it quickly starts to rack up failure indicators… how can you tell if it’s spurious failures or a fraudulent tampered drive?
replies(1): >>45906441 #
44. rsync ◴[12 Nov 25 20:37 UTC] No.45906268{3}[source]
I agree with this.

However, an even more fundamental philosophy behind any work that we do is "defense in depth" which means that even after building the fault-tolerant, anti-fragile system, we also spend time and resources qualifying the inputs ...

... and then spend time and resources monitoring the outputs (error rates, failures, correlation, etc.).

Any one of those pieces is, theoretically, sufficient. Layering the pieces in a defense in depth strategy is what gives us the highly confident posture we enjoy.

45. azinman2 ◴[12 Nov 25 20:48 UTC] No.45906428[source]
That’s your takeaway?
replies(1): >>45906853 #
46. beala ◴[12 Nov 25 20:49 UTC] No.45906441{4}[source]
Seagate has a proprietary version of SMART called FARM. It’s supposed to be more tamper resistant than SMART, but it appears the fraudsters have figured out how to manipulate it too [1].

The best you can do is check FARM if available and perform a long burn-in with something like badblocks. Then compare the SMART data before and after the burn in. Checking the serial number against the manufacturers database if available is also a good precaution.

These are probably things you should be doing whether or not the drive is allegedly new.

[1] https://www.heise.de/en/news/Hard-disk-fraud-Larger-disks-wi...

47. crest ◴[12 Nov 25 20:49 UTC] No.45906442[source]
Good to see someone name and shame shady suppliers.
48. crest ◴[12 Nov 25 20:50 UTC] No.45906460{4}[source]
Check the Backblaze quarterly reports.
49. greenavocado ◴[12 Nov 25 20:52 UTC] No.45906494{4}[source]
I just get whatever is cheapest with a warranty of one or more years. RMA ability is most important when buying these kinds of heavily used decommissioned drives. ZFS RAID Z2 is absolutely key to preventing data loss here.
50. NicoJuicy ◴[12 Nov 25 20:56 UTC] No.45906541{4}[source]
https://www.backblaze.com/blog/backblaze-drive-stats-for-q3-...

> For those of you tracking the stats closely, you’ll notice that the Seagate ST8000NM000A (8TB) is a frequent flier on this list. The last time it had a failure was in Q3 2024—and it was just a single failure for the whole quarter!

51. 2OEH8eoCRo0 ◴[12 Nov 25 21:00 UTC] No.45906593{6}[source]
A malicious device plugged into your machine? The only limit is your imagination.
52. toast0 ◴[12 Nov 25 21:08 UTC] No.45906710{4}[source]
It almost doesn't matter. There's three choices for spinning drives and all storage devices fail (even SSDs), and you need a plan for that. There's variance in failure rates and warranty periods, but most (new) drives last the warranty period, and used drives is more complex than just manufacturer --- how were they used, stored, and handled before resale probably makes more difference than who made them.

IMHO, it's more important to consider correlated failures rather than worry about getting the best or avoiding the worst drives. Try to avoid running an array that's built from same model, same firmware, same build time, same power on hours, same workload. Every so often, you get things like drive disappears when power on time overflows, or a manufacturing error that makes most drives fail after N weeks of use, having all of your drives in the same part of their lifecycle makes you more likely to experience a catastrophic failure that failure rate analysis wouldn't pick up.

Picking SSDs carefully bears more fruit, there are many more makers and wider variance in performance and reliability as well as characteristics during failure: everyone says SSDs go read only during failure, but my experience has been that lots of SSDs disappear from their interfaces during failure; you might reasonably have less redundancy if you have confidence the SSD will remain readable for recovery if it fails.

53. huhtenberg ◴[12 Nov 25 21:17 UTC] No.45906853{3}[source]
Yep. They should've engraved it.
54. huhtenberg ◴[12 Nov 25 21:18 UTC] No.45906870[source]
Might've worked for HDDs, but SSDs have a cap on lifetime writes.
55. recursive ◴[12 Nov 25 21:32 UTC] No.45907041{3}[source]
I have never gone through the process of selling on Amazon. For those of us anchored to news articles from decades in the past, is there any public documentation of these procedures?
56. seany ◴[12 Nov 25 21:32 UTC] No.45907045{6}[source]
You can dump any vdev you want in a special. I have 2x 3 way mirrors in both of my nas boxes right now