[frgeek-michiana] Re: Thursday WH Report 07-29-2010
- From: Tony Germano <tony_germano@xxxxxxxxxxx>
- To: <frgeek-michiana@xxxxxxxxxxxxx>
- Date: Wed, 4 Aug 2010 11:20:53 -0400
I didn't think that DBAN in itself could destroy a disk either, but I guess you
are just referring to the constant writes for extended periods of time wearing
on the older drives?
One little nit picking thing, if you use dd with /dev/urandom as a source you
will write random values to the disk. You need to use /dev/zero to write
zeroes. Both would be equally effective in this situation.
My recommendations would be a small change to what you have already listed.
1. For a drive that is to be immediately loaded with an OS, a single pass of
zeroes or random data should be used. DBAN is probably the easiest way to do
this, and it will clearly inform you when there is more than one connected hard
drive in the system.
2. For drives that will be leaving the warehouse without an OS (recycle, ebay,
etc...) OR will be sitting on a shelf for an extended period of time a more
secure method should be used. This should be HDDErase for ATA drives
manufactured after 2001, or DBAN (multiple pass) for older or SCSI drives.
I don't know how well this would work, but perhaps as an alternative to the
current method or a kvm switch, we can set up a wiping station with an exposed
motherboard that can accept several drives at once. Then we only need to move
drives back and forth rather than full systems. A system that is to be
immediately loaded can be wiped at the loading station using method 1 above. A
system that is not to be immediately loaded would have the hard drive removed
and placed near the wiping station to be batch wiped. The rest of the system
could go straight to storage. The clean hard drive could then be placed in a
location appropriate to its final destination.
I think this would work great for using HDDErase as everything is done
completely within the drive once started. I don't know how well it would work
for DBAN with several drives at once because I think the bus can only handle so
much data and it can potentially make each disk take longer to wipe. This
probably wouldn't matter if we leave the DBAN systems running overnight and
could potentially save power in that case.
Tony
> Subject: [frgeek-michiana] Re: Thursday WH Report 07-29-2010
> From: chuq00@xxxxxxxxx
> To: frgeek-michiana@xxxxxxxxxxxxx
> Date: Wed, 4 Aug 2010 10:35:00 -0400
>
> After completing the dd urandom reboot cfdisk the drive then mkfs.ext4
> and it writes zeros to the drive, then once you install the OS (ubuntu
> 10.04) I bet that no one will recover the data, it is destructive to the
> data, over written with zeros, and then over written with the OS, and
> not as disastrous to the drive as dban is.
> I just have seen drives fail after being debanned, I would only
> recommend dban on drives that will not be used in the future, or that
> are going to be sold off in lots on ebay or something similar, with a
> note that nothing is guaranteed to work as all items are used.
> Just my opinion and experiences.
>
> Chuq
>
> On Wed, 2010-08-04 at 09:59 -0400, Mike Cook wrote:
> > See comments inline. Good job Phil!
> >
> > Mike
> >
> > -----Original Message-----
> > >From: Phil Goldbach <shadowvar8541@xxxxxxxxx>
> > >Sent: Aug 3, 2010 9:54 PM
> > >To: frgeek-michiana@xxxxxxxxxxxxx
> > >Subject: [frgeek-michiana] Re: Thursday WH Report 07-29-2010
> > >
> > >Goose is right, if we say we're going to wipe the drives, then we should
> > >do as such. I do have a copy of the Ultimate Boot CD.
> >
> > As far as I know we don't specify how we wipe drives, just that we do.
> > Higher levels of security are mentioned as a premium service.
> > http://www.freegeekmichiana.org/hard-drive-erasure.html
> >
> > >While not using the KVM would be less of clutter and while D-BAN isn't
> > >very interactive, the point is that using a separate monitor, mouse, and
> > >keyboard for each system to be wiped does take up more space. Besides, a
> > >computer should only be paired up with a working monitor, mouse, and
> > >keyboard after D-BAN and prior to installation of the OS. Otherwise,
> > >lugging the complete set to each table is just more physical work than is
> > >necessary.
> >
> > I don't think a kvm is a bad solution but we could probably just as easily
> > use a vga switch and use the same keyboard to boot each system, since we
> > only need a monitor to "monitor" to process.
> >
> > >Yes, we do need to keep the deman table cleaned and the tools put away.
> > >FGM does need some new tools as some of ours have either gone missing, are
> > >broken, or horribly disfigured and beaten up. Also, our copies of Ubuntu
> > >or other disc based tools keep taking a walk, so we might need to think of
> > >something instead of constantly burning new copies every time we're down
> > >to just a few. An idea on that is that the shelves above where we install
> > >can be cleaned up a bit and each station (there should be 6, 3 computers
> > >per table) will have a copy of D-BAN and Ubuntu.
> >
> > Good idea!
> >
> > >Whenever we do get around to rearranging the work area, I was thinking it
> > >might be a good idea to have the diagnostic table closer to the spare
> > >parts shelving for ease of access. I do know where the rest of our spare
> > >good power supplies are, just a matter of hauling them out, as the plastic
> > >tote they're in is extremely heavy.
> >
> > Good idea!
> >
> > >And finally, my sample of the diagnostic test check sheet is attached to
> > >this message.
> >
> > Looks like an excellent place to start.
> > Are you intending to test any of the components, or just mark down what
> > they are?
> >
> > >Phil Goldbach
> > >
> > >
> > >
> > >"Men cry not for themselves, but for their comrades."
> > >
> > >--- On Tue, 8/3/10, Tom Brown <tbrown@xxxxxxxxxxxxxxxxx> wrote:
> > >
> > >From: Tom Brown <tbrown@xxxxxxxxxxxxxxxxx>
> > >Subject: [frgeek-michiana] Re: Thursday WH Report 07-29-2010
> > >To: frgeek-michiana@xxxxxxxxxxxxx
> > >Date: Tuesday, August 3, 2010, 5:52 PM
> > >
> > >It would cut down on the clutter to have just one display, kybd and mouse.
> > >
> > >Tom
> > >
> > >-----Original Message-----
> > >From: frgeek-michiana-bounce@xxxxxxxxxxxxx
> > >[mailto:frgeek-michiana-bounce@xxxxxxxxxxxxx] On Behalf Of Mike Cook
> > >Sent: Monday, August 02, 2010 19:10
> > >To: frgeek-michiana@xxxxxxxxxxxxx
> > >Subject: [frgeek-michiana] Re: Thursday WH Report 07-29-2010
> > >
> > >The problem I see with using:
> > > dd if=/dev/urandom of=/dev/sda bs=1M
> > >is that it only does one pass. You can set dban to do the same thing (one
> > >pass, random data) and I agree that will keep all but the most intrepid and
> > >well-heeled from recovering any data from the hard drive. I don't believe
> > >that running dban (or anything else) for less than one full pass would be
> > >sufficient see:
> > >http://www.cgsecurity.org/wiki/TestDisk
> > >and
> > >http://www.cgsecurity.org/wiki/PhotoRec
> > >You can also use
> > >http://www.gnu.org/software/ddrescue/ddrescue.html
> > >to recover any data not overwritten, to a new device where you could
> > >attempt
> > >to recover data. Maybe sometime we should do a presentation on data
> > >recovery
> > >at the lug just to show how much <sarcasm> fun it can be </sarcasm>.
> > >
> > >I personally would have no problem going to a 1-pass random data wipe if
> > >the
> > >board approves. It would certainly be faster. Any system we get with
> > >sensitive data might require more stringent methods (and probably
> > >documentation).
> > >
> > >The idea of using a live cd to test the system does have merit. I'd like to
> > >see all systems dban-ed before they are booted to a os just as a standard
> > >security measure. A small live CD would allow for faster testing though.
> > >
> > >Mike
> > >
> > >
> > >-----Original Message-----
> > >>From: chuq <chuq00@xxxxxxxxx>
> > >>Sent: Aug 2, 2010 5:57 PM
> > >>To: frgeek-michiana@xxxxxxxxxxxxx
> > >>Subject: [frgeek-michiana] Re: Thursday WH Report 07-29-2010
> > >>
> > >>I think a KVM for debanning is a bit of a waste, especially seeing as
> > >>how once you put it in and start it you can remove the disk and move to
> > >>the next system, not to mention that if you just run deban for about 20
> > >>minutes on each system that would be enough to ensure no data would be
> > >>had. I challenge someone to try to do a recover after a 20 minute
> > >>dban.
> > >>Instead of dban you can just run this command from any live distro (dsl
> > >>since it is small, boots faster than puppy)
> > >>dd if=/dev/urandom of=/dev/sda bs=1M
> > >>If you were to boot the system with DSL check out everything really
> > >>quick then before shutting down run dd if=/dev/urandom of=/dev/sda bs=1M
> > >>you have been able to take care of all of your birds with a single shot
> > >>basically.
> > >>
> > >>Chuq
> > >>
> > >>On Mon, 2010-08-02 at 11:58 -0700, Phil Goldbach wrote:
> > >>> Yeah, well sometimes OEM parts still go bad quicker than refurbs.
> > >>> Hope it all goes well, Tony.
> > >>>
> > >>> I did some minor cleaning up again and started working on the systems
> > >>> that were on the Diagnostic table. I believe I recovered 3 systems,
> > >>> which mostly needed power supplies. One system had RAM in it, but it
> > >>> was not installed. Installed that and the machine works fine. We also
> > >>> had a Gateway P3 (933 mHz, 256 MB RAM) small form-factor desktop that
> > >>> only had USB connections for keyboard and mouse. Since we had one USB
> > >>> keyboard and mouse, I hooked the system up and it ran okay. Tom
> > >>> installed Ubuntu 10.04 on it and the machine ran rather slowly. The
> > >>> only other possible suggestion is to maybe try to increase the RAM and
> > >>> see if it the speed improves, otherwise, it's just too slow for
> > >>> 10.04.
> > >>>
> > >>> I'd like to be able to keep the Diagnostic table clean as this is
> > >>> where I feel that I can be o the most help in repairing systems and
> > >>> preparing them for D-BAN and Install. I've got a Diagnostic checklist
> > >>> sheet that I'll print up. If the system meets our requirements and is
> > >>> in good working condition, then it moves on. If the system needs
> > >>> repair, depending on the repair, I'll work on that. If the system is
> > >>> not repairable or too costly to repair (RAMBUS ram for example), then
> > >>> to Deman it goes.
> > >>>
> > >>> Perhaps for D-BAN, we can set up the 8-port KVM switch we used for
> > >>> installing Vector.
> > >>>
> > >>>
> > >>> Today I registered for classes at IvyTech. Going to complete my degree
> > >>> in Criminal Justice, with a concentration on Forensics. With the way
> > >>> my class schedule is this semester, I'll still be able to come to the
> > >>> warehouse on Thursday nights.
> > >>>
> > >>> Phil Goldbach
> > >>>
> > >>> "Men cry not for themselves, but for their comrades."
> > >>>
> > >>> --- On Mon, 8/2/10, Mike Cook <mikecook@xxxxxxxxxxxx> wrote:
> > >>>
> > >>> From: Mike Cook <mikecook@xxxxxxxxxxxx>
> > >>> Subject: [frgeek-michiana] Re: Thursday WH Report 07-29-2010
> > >>> To: frgeek-michiana@xxxxxxxxxxxxx
> > >>> Date: Monday, August 2, 2010, 10:13 AM
> > >>>
> > >>> I don't know.... That sounds like a refurbished ACL at best. I
> > >>> hope they gave you a good deal on it. I always insist on new
> > >>> oem parts. Good luck with the PT.
> > >>>
> > >>> Mike
> > >>>
> > >>>
> > >>> -----Original Message-----
> > >>> From: Tony Germano
> > >>> Sent: Aug 2, 2010 9:46 AM
> > >>> To: frgeek-michiana@xxxxxxxxxxxxx
> > >>> Subject: [frgeek-michiana] Re: Thursday WH Report
> > >>> 07-29-2010
> > >>>
> > >>> Good job everyone!
> > >>>
> > >>> Just wanted to give a quick update about my knee...
> > >>> some of you may remember that I tore my ACL and MCL in
> > >>> my left knee back in May. The MCL has mostly healed,
> > >>> and I had surgery about 3 weeks ago to give me a
> > >>> "new" (from a dead guy) ACL. I started physical
> > >>> therapy last week, and that is expected to take 2-3
> > >>> months. I'd like to get back to helping a little when
> > >>> I can, but I would definitely be useless for all of
> > >>> this heavy lifting stuff right now :)
> > >>>
> > >>> Tony
> > >>> ** This list is PUBLICLY archived. ** PLEASE don't post
> > >>> personal or sensitive information unless you wish for it to be
> > >>> in the public domain. To visit the main website for Free Geek
> > >>> Michiana go to http://www.freegeekmichiana.org To post to the
> > >>> list send email to frgeek-michiana@xxxxxxxxxxxxxx The archive
> > >>> is available at
> > >>> //www.freelists.org/archives/frgeek-michiana/ You may
> > >>> unsubscribe or change your list settings by going to the list
> > >>> website at //www.freelists.org/webpage/frgeek-michiana
> > >>>
> > >>
> > >>
> > >>** This list is PUBLICLY archived. **
> > >>PLEASE don't post personal or sensitive information unless you wish for it
> > >to be in the public domain.
> > >>
> > >>To visit the main website for Free Geek Michiana go to
> > >http://www.freegeekmichiana.org
> > >>
> > >>To post to the list send email to frgeek-michiana@xxxxxxxxxxxxxx
> > >>The archive is available at
> > >//www.freelists.org/archives/frgeek-michiana/
> > >>
> > >>You may unsubscribe or change your list settings by going to the list
> > >website at //www.freelists.org/webpage/frgeek-michiana
> > >>
> > >
> > >** This list is PUBLICLY archived. **
> > >PLEASE don't post personal or sensitive information unless you wish for it
> > >to be in the public domain.
> > >
> > >To visit the main website for Free Geek Michiana go to
> > >http://www.freegeekmichiana.org
> > >
> > >To post to the list send email to frgeek-michiana@xxxxxxxxxxxxxx
> > >The archive is available at
> > >//www.freelists.org/archives/frgeek-michiana/
> > >
> > >You may unsubscribe or change your list settings by going to the list
> > >website at //www.freelists.org/webpage/frgeek-michiana
> > >
> > >
> > >
> > >** This list is PUBLICLY archived. **
> > >PLEASE don't post personal or sensitive information unless you wish for it
> > >to be in the public domain.
> > >
> > >To visit the main website for Free Geek Michiana go to
> > >http://www.freegeekmichiana.org
> > >
> > >To post to the list send email to frgeek-michiana@xxxxxxxxxxxxxx
> > >The archive is available at
> > >//www.freelists.org/archives/frgeek-michiana/
> > >
> > >You may unsubscribe or change your list settings by going to the list
> > >website at //www.freelists.org/webpage/frgeek-michiana
> > >
> > >
> > >
> >
> > ** This list is PUBLICLY archived. **
> > PLEASE don't post personal or sensitive information unless you wish for it
> > to be in the public domain.
> >
> > To visit the main website for Free Geek Michiana go to
> > http://www.freegeekmichiana.org
> >
> > To post to the list send email to frgeek-michiana@xxxxxxxxxxxxxx
> > The archive is available at
> > //www.freelists.org/archives/frgeek-michiana/
> >
> > You may unsubscribe or change your list settings by going to the list
> > website at //www.freelists.org/webpage/frgeek-michiana
> >
>
>
> ** This list is PUBLICLY archived. **
> PLEASE don't post personal or sensitive information unless you wish for it to
> be in the public domain.
>
> To visit the main website for Free Geek Michiana go to
> http://www.freegeekmichiana.org
>
> To post to the list send email to frgeek-michiana@xxxxxxxxxxxxxx
> The archive is available at //www.freelists.org/archives/frgeek-michiana/
>
> You may unsubscribe or change your list settings by going to the list website
> at //www.freelists.org/webpage/frgeek-michiana
>
Other related posts:
