Berkeley CSUA MOTD:Entry 36099
Berkeley CSUA MOTD
 
WIKI | FAQ | Tech FAQ
http://csua.com/feed/
2025/07/08 [General] UID:1000 Activity:popular
7/8     

2005/2/8-9 [Computer/SW/OS/Windows, Computer/HW/Drives] UID:36099 Activity:kinda low
2/8     I would like to destroy/wipe the data in a particular directory
        of a portable linux computer without wiping the whole disk. Any
        suggestions for how to do this easily?
        \_ rm. If you are worried aboyt someone undeleting and
           discovering your porno collection you can write a script
           and overwrite each file with /dev/zero bits.
           \_ any experience with "wipe"? http://abaababa.ouvaton.org/wipe
           \_ When you write data to a linux file, does it write the data to
              new sectors, or does it overwirte the original data in the same
              sectors?
           \_ Overwriting with 0 isn't good enough.  /dev/random might be
              better, but still isn't good enough.
                \_ If you are very concerned about getting rid of it, some
                   definitions of "military" grade wipe specify something
                   like 19 overwrites with as-random-as-possible 010101
                   strings.  Forensics outfits like Kroll and Guidance (and
                   even commercial SW like EnCase) can do some pretty unlikely
                   data recovery.  The only way to reliably completely
                   destroy drive contents is to physically shred the disk
                   after multiple sequential white noise overwrites.  -John
                \_ dropping it from Empire State Building is the best
        \_ rm -P
           This won't actually do the job (see
           http://www.sysinternals.com/ntw2k/source/sdelete.shtml for a windows
           utility that will do the job--source available) but it's better than
           nothing.  (Oops, I have no idea if that option is available on
           linux.)
        \_ The rm manpage recommends "shred". Anybody know if shread
           would work on ext3 with data=journal mode?
           \_ It should. If in doubt, mount the partition as ext2,
              run shred, unmount and remount as ext3.
2025/07/08 [General] UID:1000 Activity:popular
7/8     

You may also be interested in these entries...
2008/12/5-10 [Computer/SW/OS/OsX] UID:52174 Activity:kinda low
12/5    I suggest CSUA buy a Mac and run MacOS on it. Maybe run Linux in
        a VM, too. I think students will get more bang for their buck
        trying to run services on MacOS than with "Just Another Linux Box".
        \_ On what basis? We do have an AppleTV, which we've yet to hack
           so it runs full OS X, but as a OS X user myself, I don't see the
           OS being useful for useful services except if we get OS X server
	...
2007/7/17 [Computer/SW/Languages/C_Cplusplus] UID:47312 Activity:nil
7/13    CSUA Life Roster
1 point each for:                                               key:
                significant other (out of county rule applies)   G
                car (Chevy Novas do count)                       C
                housing (dorms DO NOT count)                     H
                own computer running reasonable multi-tasking OS U
	...
2007/4/13-16 [Computer/SW/WWW/Browsers] UID:46291 Activity:nil
4/13    I use IE7 to browse a web site, and the server says the UserAgent
        string is
        "UserAgent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.2; .NET
        CLR 1.1.4322; .NET CLR 2.0.50727; .NET CLR 3.0.04506.30)"
        Is MS bowing to the Mozilla community?
        \_ What are you talking about?  IE has always reported its UserAgent
	...
2006/1/5-9 [Computer/SW/OS/Windows] UID:41250 Activity:nil
1/5     Heh.  Combining the power of Windows CE, Me and NT we have...
        Windows CEMeNT!
        http://photos1.blogger.com/blogger/5036/1165/1600/cement.0.jpg
        \_ That joke's--what--4? 5 years old?
           \_ thanks for posting; missed that 4 or 5 years ago.
	...
2005/6/27-28 [Computer/SW/OS/OsX] UID:38329 Activity:kinda low
6/27    For anyone who's owned a G5 running OS X (10.3 or 10.4), how often do
        you need to reboot if it's being used as a workstation?
        \_ Occasionally you will run into the Windows NT syndrome of the system
           needing a reboot for a system software patch - I'd say about once
           every couple of months on a stable release, and once or twice a
           month on a new one.  Other than that, I have never seen a piece of
	...
2005/6/2-3 [Computer/SW/Security] UID:37935 Activity:low
6/2     In the 'official' part of the motd it says ssh1 would be shut off,
        weeks ago no less, and yet it still seems to be on.  What up with that?
        \_ Whoever did the change neglected to restart sshd.  Fixed.  -jvarga
           \_ I just tried ssh from a Solaris machine to soda and I got "ssh:
              connect to host http://soda.csua.berkeley.edu port 22: Connection
              refused".  I tried both with and without the "-2" option.  Now if
	...
2004/9/24 [Computer/SW/Languages/Perl, Computer/SW/Unix] UID:33738 Activity:insanely high
9/24    I have a directory with a bunch of image files names DSCNxxxx.jpg.
        What's the quickest way to rename them all to Dscnxxxx.jpg? (just
        changing the capitalization of the first 4 letters).
        \_ foreach i (*.jpg)
           mv $i `echo $i | sed -e s/DSCN/Dscn/`
           end
	...
2004/7/13-14 [Computer/SW/WWW/Browsers] UID:32251 Activity:very high
7/12    In the news...
        "Continuing security problems have eroded Internet Explorer's
        popularity; the market share for Explorer has dropped by more than a
        percentage point from 95.48 percent to 94.42 percent..."
        Gee that's gotta hurt! Poor MS.
        \_ Although if you read a report that said non IE browsers have gained
	...
2003/8/29-2004/2/14 [Computer/Networking] UID:12259 Activity:nil
2/13    In NT or XP, is there a way to display the IP address of a remote
        machine when the remote machine is pinging my machine?  Thanks.
        \_ netstat?
              \- netstat is ridiculous for this. hammer. nail. bad. wrong.
                 i believe tcpdump runs on msftware:
                 tcpdump -i <if> 'icmp[0] = 8 or icmp[0] = 0'
	...
2003/12/15-16 [Computer/SW/OS/Windows] UID:11466 Activity:nil
12/15   My laptop doesn't have the "windows" key and I run WinXP. How can I
        lock the desktop quickly since I can't do WINKEY-L ?
        \_ Winkey = Ctrl-Esc
           \_ Not exactly.  You can't chord with ctrl-esc.
        \_ Ctl-Alt-Del, enter.
           \_ this is what I was gonna suggest. the real question is how
	...
2003/12/9-11 [Computer/SW/OS/FreeBSD, Computer/HW/Drives] UID:11387 Activity:nil
12/9    Can someone recommend a way to read the contents of a FreeBSD
        partition with UFS filesystems from a Windows box?  It's a laptop
        disk which won't boot properly by itself, FreeBSD doesn't like the
        USB case I've put it in very much, and I don't have a Mac handy. -John
        \_ You need an NT (I'm assumming you are running NT version of Windows)
           filesystem driver for UFS. Once that is installed you should be able
	...
2003/9/19-20 [Computer/SW/OS/Windows] UID:10261 Activity:nil
9/19    ATMs to run Windows:
        http://www.wired.com/news/technology/0,1282,60497,00.html
        \_ I just love the new BART terminals that run NT, and seem to
           be out of order 75% of the time...
           \_ Does anyone know what system they use for the New York Subway?
              It seems to work incredibly well.
	...
2012/1/4-2/6 [Computer/HW/Drives] UID:54281 Activity:nil
1/4     I want to test how my servers behave during a disk failure and
        a RAID reconstruction so I want to simulate a hardware failure.
        How can I do this in Linux without having to physically pull
        a drive? These disks are behind a RAID card and run Linux. -ausman
        \_ According to the Linux RAID wiki, you might be able to use mdadm
           to do this with something like the following:
	...
2011/9/14-10/25 [Computer/HW/Drives] UID:54173 Activity:nil
9/13    Thanks to Jordan, our disk server is no longer virtualized. Our long
        nightmare of poor IO performance should hopefully be over. Prepare for
        another long nightmare of poor hardware reliability!
        ...
        Just kidding! (I hope)
        In any case, this means that cooler was taken out back and shot, and
	...
2011/2/14-4/20 [Computer/SW/Unix] UID:54039 Activity:nil
2/14    You sure soda isn't running windows in disguise?  It would explain the
        uptimes.
        \_ hardly, My winbox stays up longer.
        \_ Nobody cares about uptime anymore brother, that's what web2.0 has
           taught us.  Everything is "stateless".
           \_ You;d think gamers would care more about uptime.
	...
2010/7/22-8/9 [Computer/SW/OS/FreeBSD, Computer/HW/Drives] UID:53893 Activity:nil
7/22    Playing with dd if=/dev/random of=/dev/<disk> on linux and bsd:
        2 questions, on linux when <disk>==hda it always gives me this off
        by one report i.e. Records out == records in-1 and says there is an
        error. Has anyone else seen this?  Second, when trying to repeat this
        on bsd, <disk>==rwd0 now, to my surprise, using the install disk and
        selecting (S)hell, when I try to dd a 40 gig disk it says "409 records
	...
2009/10/27-11/3 [Computer/HW/Drives] UID:53474 Activity:nil
10/27   I just read an article that Facebook had moved their database
        to all SSD to speed throughput, but now I can't find it. Has
        anyone else seen this? Any experience with doing this? -ausman
        \_ I hope you're not running mission critical data:
           http://ask.slashdot.org/story/09/10/27/1559248/Reliability-of-PC-Flash-SSDs?from=rss
        \_ Do you have any idea how much storage space is used by Facebook,
	...
2009/8/4-13 [Computer/SW/OS/Windows] UID:53239 Activity:kinda low
8/3     VMWare + Windows XP + Validation question. I need to test stuff with
        Service Pack 3 installed. I have a valid key that I own (yeah yeah I
        actually *bought* a copy, please don't flame me for supporting evil
        M$). Is it possible to register the key once, and then duplicate it
        for testing purposes?  Will Windows or Microsoft detect copies and
        disable the rest the copies?
	...
2009/7/28-8/6 [Computer/HW/Drives] UID:53216 Activity:nil
7/28    Does it make sense to defragment disks on VMWare? My 80GB disk
        on VMWare isn't really using 80GB, it just uses what it needs.
        Will defragment do anything to it?
        \_ If you want to speed up disk operation in your VM, it's best to
           defragment the disks in your VM, then defragment the disk on your
           host machine where the VM files are.
	...
2009/7/24-27 [Computer/SW/WWW/Browsers, Computer/SW/OS/OsX] UID:53191 Activity:kinda low
7/24    Firefox 3.5.1 on MacOS is a piece of crap. It crashes ALL THE TIME.
        It has crashed 3 or 4 times on me in the last hour, and not on
        the same pages either. The new Yahoo! home page also sucks ass.
        \_ os x keeps trashing my raid disk: '11 hours to rebuild. have fun
           with the kernel IO subsystem running like shit until then".
           Worthless piece of shit.
	...
2009/7/17-24 [Computer/SW/OS/OsX] UID:53156 Activity:kinda low
7/17    -rw-r--r--@
        What does the "at sign" mean? This is on Mac OS. VMWare disk file.
        \_ The file has metadata attributes
           \_ How do I add/delete attributes to files? What about
              -rw-r--r--+ <-- what is the "+" sign? Also how do you make
              tar preserve these attributes?
	...
Cache (156 bytes)
abaababa.ouvaton.org/wipe -> abaababa.ouvaton.org/wipe/
Scuba wipe -- A UNIX tool for secure deletion There are things you'd bettwe wipe... Wipe is a little command for securely erasing files from magnetic media.
Cache (6626 bytes)
www.sysinternals.com/ntw2k/source/sdelete.shtml
Mark Russinovich Last Updated: October 15, 2003 v12 Introduction One feature of Windows NT/2000's (Win2K) C2-compliance is that it impleme nts object reuse protection. This means that when an application allocat es file space or virtual memory it is unable to view data that was previ ously stored in the resources Windows NT/2K allocates for it. Windows NT zero-fills memory and zeroes the sectors on disk where a file is placed before it presents either type of resource to an application. However, object reuse does not dictate that the space that a file occupies before it is deleted be zeroed. This is because Windows NT/2K is designed with the assumption that the operating system controls access to system reso urces. However, when the operating system is not active it is possible t o use raw disk editors and recovery tools to view and recover data that the operating system has deallocated. Even when you encrypt files with W in2K's Encrypting File System (EFS), a file's original unencrypted file data is left on the disk after a new encrypted version of the file is cr eated. The only way to ensure that deleted files, as well as files that you encr ypt with EFS, are safe from recovery is to use a secure delete applicati on. Secure delete applications overwrite a deleted file's on-disk data u sing techiques that are shown to make disk data unrecoverable, even usin g recovery technology that can read patterns in magnetic media that reve al weakly deleted files. You can use SDelete both to securely delete existing files, as well as to securely erase any file data that exists in the unallocated portions of a disk (including files that you have already deleted or encrypted). SDelete is presented with full sourc e code so that you can verify yourself that it works as advertized. Note that SDelete securely deletes file data, but not file names located in free disk space. SDelete Usage SDelete is a command line utility that takes a number of options. In any given use, it allows you to delete one or more files and/or directories, or to cleanse the free space on a logical disk. SDelete accepts wild ca rd characters as part of the directory or file specifier. What is more tricky is securely deleting Win dows NT/2K compressed, encrypted and sparse files, and securely cleansin g disk free spaces. Compressed, encrypted and sparse are managed by NTFS in 16-cluster blocks . If a program writes to an existing portion of such a file NTFS allocat es new space on the disk to store the new data and after the new data ha s been written, deallocates the clusters previously occupied by the file . NTFS takes this conservative approach for reasons related to data inte grity, and in the case of compressed and sparse files, in case a new all ocation is larger than what exists (the new compressed data is bigger th an the old compressed data). Thus, overwriting such a file will not succ eed in deleting the file's contents from the disk. Using the defragmentation API SDelete can determine precisely which clusters on a disk are occupied by data belonging to compressed, sparse and encrypted files. Once SDelete knows which clusters contain the file 's data, it can open the disk for raw access and overwrite those cluster s Cleaning free space presents another challenge. Since FAT and NTFS provid e no means for an application to directly address free space, SDelete ha s one of two options. The first is that it can, like it does for compres sed, sparse and encrypted files, open the disk for raw access and overwr ite the free space. This approach suffers from a big problem: even if SD elete were coded to be fully capable of calculating the free space porti ons of NTFS and FAT drives (something that's not trivial), it would run the risk of collision with active file operations taking place on the sy stem. For example, say SDelete determines that a cluster is free, and ju st at that moment the file system driver (FAT, NTFS) decides to allocate the cluster for a file that another application is modifying. The file system driver writes the new data to the cluster, and then SDelete comes along and overwrites the freshly written data: the file's new data is g one. The problem is even worse if the cluster is allocated for file syst em metadata since SDelete will corrupt the file system's on-disk structu res. The second approach, and the one SDelete takes, is to indirectly overwrit e free space. SDelete does this using non-cached file I/O so that the contents of the NT file system cache will not be thrown out and replaced with useless data assoc iated with SDelete's space-hogging file. Because non-cached file I/O mus t be sector (512-byte) aligned, there might be some left over space that isn't allocated for the SDelete file even when SDelete cannot further g row the file. To grab any remaining space SDelete next allocates the lar gest cached file it can. For both of these files SDelete performs a secu re overwrite, ensuring that all the disk space that was previously free becomes securely cleansed. On NTFS drives SDelete's job isn't necessarily through after it allocates and overwrites the two files. SDelete must also fill any existing free portions of the NTFS MFT (Master File Table) with files that fit within an MFT record. An MFT record is typically 1KB in size, and every file or directory on a disk requires at least one MFT record. Small files are s tored entirely within their MFT record, while files that don't fit withi n a record are allocated clusters outside the MFT All SDelete has to do to take care of the free MFT space is allocate the largest file it can - when the file occupies all the available space in an MFT Record NTFS w ill prevent the file from getting larger, since there are no free cluste rs left on the disk (they are being held by the two files SDelete previo usly allocated). When SDelete can no l onger even create a new file, it knows that all the previously free reco rds in the MFT have been completely filled with securely overwritten fil es. To overwrite file names of a file that you delete, SDelete renames the fi le 26 times, each time replacing each character of the file's name with a successive alphabetic character. The reason that SDelete does not securely delete file names when cleaning disk free space is that deleting them would require direct manipulation of directory structures. Directory structures can have free space conta ining deleted file names, but the free directory space is not available for allocation to other files. Hence, SDelete has no way of allocating t his free space so that it can securely overwrite it.