[frgeek-michiana] Re: Thursday WH Report 07-29-2010
- From: Tony Germano <tony_germano@xxxxxxxxxxx>
- To: <frgeek-michiana@xxxxxxxxxxxxx>
- Date: Wed, 4 Aug 2010 17:38:07 -0400
I've never actually used HDDErase myself. I just read that it is recommended
(and required for compliance in some cases) for drives that support it (2001+
manufacture date.) I have no idea what will happen if you try to HDDErase an
older drive. I'm assuming you should immediately get an error message that the
drive doesn't support that feature, and then DBAN would be the best option.
We have to remember that while DBAN is a great program, it was created based on
a recommendation before the Secure Erase feature existed. It should no longer
be considered the primary tool for the job.
Also something to look forward to... There will be an Enhanced Secure Erase on
drives that have built in encryption. Wiping the drive will be as easy as
destroying the encryption key and will take less than a second. I think there
are a few laptop hard drives that already implement this.
Tony
Date: Wed, 4 Aug 2010 12:57:11 -0700
From: shadowvar8541@xxxxxxxxx
Subject: [frgeek-michiana] Re: Thursday WH Report 07-29-2010
To: frgeek-michiana@xxxxxxxxxxxxx
Well I do plan actually testing the systems. After all, it will be Diagnostic
Testing and Evaluation. For example, if a video card displays both on initial
start up and by running a live distro, then it's good to go.
I figured FGM spent the time and the money to use the KVM that you were intent
on using, Chuq, that it would be a waste to not use it. And it's been discussed
about using the server and a private network to install the systems before,
everyone seems to like that idea, it just has never been decided if that is the
way to go or not, and then it has to be setup. Then we have to take the time to
teach on how to install or run D-BAN over the network. Using removable media
however, it is simple and easy to show on how to do. There's always a chance
that if we try to make a task too complex that not many people will be willing
to do that task, which then could lead to people being burned out.
Nor have I ever had a drive fail on me after using D-BAN. Remember, when we get
a system, we don't know how many times a particular hard drive has been
reformatted or not, so there's always a good chance that any random drive could
be on its last legs, so if by running D-BAN kills the drive, then it wasn't
D-BAN's fault. Rather, it was just the time for the drive to go. We should also
remember that any drive, power supply, motherboard, RAM, etc., could also be
bad or on its last legs when we get it. After all, the Alienware system I had
picked up, the board decided to go out. For free, I'm not expecting much, and
it was just the luck of the draw.
All in all, I'd say it just personal experiences and opinions as to which
method a person uses to wipe a drive. Everyone has their preferred method and
that's what they're going to use. I have yet to use HDDErase (Secure Erase)
from UBCD, but I'll gladly give it a try tomorrow night at the warehouse.
I know awhile back I had made a couple copies of UBCD specifically for FGM. I
don't know if they're still at the warehouse or not. If they are, the should be
by the server or there abouts. Ever since you first mentioned UBCD, Tony, I
downloaded it, burned it, and I like it. It is a very useful and powerful tool
to have.
Phil Goldbach
"Men cry not for themselves, but for their comrades."
--- On Wed, 8/4/10, Mike Cook <mikecook@xxxxxxxxxxxx> wrote:
From: Mike Cook <mikecook@xxxxxxxxxxxx>
Subject: [frgeek-michiana] Re: Thursday WH Report 07-29-2010
To: frgeek-michiana@xxxxxxxxxxxxx
Date: Wednesday, August 4, 2010, 9:59 AM
See comments inline. Good job Phil!
Mike
-----Original Message-----
>From: Phil Goldbach <shadowvar8541@xxxxxxxxx>
>Sent: Aug 3, 2010 9:54 PM
>To: frgeek-michiana@xxxxxxxxxxxxx
>Subject: [frgeek-michiana] Re: Thursday WH Report 07-29-2010
>
>Goose is right, if we say we're going to wipe the drives, then we should do as
>such. I do have a copy of the Ultimate Boot CD.
As far as I know we don't specify how we wipe drives, just that we do. Higher
levels of security are mentioned as a premium service.
http://www.freegeekmichiana.org/hard-drive-erasure.html
>While not using the KVM would be less of clutter and while D-BAN isn't very
>interactive, the point is that using a separate monitor, mouse, and keyboard
>for each system to be wiped does take up more space. Besides, a computer
>should only be paired up with a working monitor, mouse, and keyboard after
>D-BAN and prior to installation of the OS. Otherwise, lugging the complete set
>to each table is just more physical work than is necessary.
I don't think a kvm is a bad solution but we could probably just as easily use
a vga switch and use the same keyboard to boot each system, since we only need
a monitor to "monitor" to process.
>Yes, we do need to keep the deman table cleaned and the tools put away. FGM
>does need some new tools as some of ours have either gone missing, are broken,
>or horribly disfigured and beaten up. Also, our copies of Ubuntu or other disc
>based tools keep taking a walk, so we might need to think of something instead
>of constantly burning new copies every time we're down to just a few. An idea
>on that is that the shelves above where we install can be cleaned up a bit and
>each station (there should be 6, 3 computers per table) will have a copy of
>D-BAN and Ubuntu.
Good idea!
>Whenever we do get around to rearranging the work area, I was thinking it
>might be a good idea to have the diagnostic table closer to the spare parts
>shelving for ease of access. I do know where the rest of our spare good power
>supplies are, just a matter of hauling them out, as the plastic tote they're
>in is extremely heavy.
Good idea!
>And finally, my sample of the diagnostic test check sheet is attached to this
>message.
Looks like an excellent place to start.
Are you intending to test any of the components, or just mark down what they
are?
>Phil Goldbach
>
>
>
>"Men cry not for themselves, but for their comrades."
>
>--- On Tue, 8/3/10, Tom Brown <tbrown@xxxxxxxxxxxxxxxxx> wrote:
>
>From: Tom Brown <tbrown@xxxxxxxxxxxxxxxxx>
>Subject: [frgeek-michiana] Re: Thursday WH Report 07-29-2010
>To: frgeek-michiana@xxxxxxxxxxxxx
>Date: Tuesday, August 3, 2010, 5:52 PM
>
>It would cut down on the clutter to have just one display, kybd and mouse.
>
>Tom
>
>-----Original Message-----
>From: frgeek-michiana-bounce@xxxxxxxxxxxxx
>[mailto:frgeek-michiana-bounce@xxxxxxxxxxxxx] On Behalf Of Mike Cook
>Sent: Monday, August 02, 2010 19:10
>To: frgeek-michiana@xxxxxxxxxxxxx
>Subject: [frgeek-michiana] Re: Thursday WH Report 07-29-2010
>
>The problem I see with using:
> dd if=/dev/urandom of=/dev/sda bs=1M
>is that it only does one pass. You can set dban to do the same thing (one
>pass, random data) and I agree that will keep all but the most intrepid and
>well-heeled from recovering any data from the hard drive. I don't believe
>that running dban (or anything else) for less than one full pass would be
>sufficient see:
>http://www.cgsecurity.org/wiki/TestDisk
>and
>http://www.cgsecurity.org/wiki/PhotoRec
>You can also use
>http://www.gnu.org/software/ddrescue/ddrescue.html
>to recover any data not overwritten, to a new device where you could attempt
>to recover data. Maybe sometime we should do a presentation on data recovery
>at the lug just to show how much <sarcasm> fun it can be </sarcasm>.
>
>I personally would have no problem going to a 1-pass random data wipe if the
>board approves. It would certainly be faster. Any system we get with
>sensitive data might require more stringent methods (and probably
>documentation).
>
>The idea of using a live cd to test the system does have merit. I'd like to
>see all systems dban-ed before they are booted to a os just as a standard
>security measure. A small live CD would allow for faster testing though.
>
>Mike
>
>
>-----Original Message-----
>>From: chuq <chuq00@xxxxxxxxx>
>>Sent: Aug 2, 2010 5:57 PM
>>To: frgeek-michiana@xxxxxxxxxxxxx
>>Subject: [frgeek-michiana] Re: Thursday WH Report 07-29-2010
>>
>>I think a KVM for debanning is a bit of a waste, especially seeing as
>>how once you put it in and start it you can remove the disk and move to
>>the next system, not to mention that if you just run deban for about 20
>>minutes on each system that would be enough to ensure no data would be
>>had. I challenge someone to try to do a recover after a 20 minute
>>dban.
>>Instead of dban you can just run this command from any live distro (dsl
>>since it is small, boots faster than puppy)
>>dd if=/dev/urandom of=/dev/sda bs=1M
>>If you were to boot the system with DSL check out everything really
>>quick then before shutting down run dd if=/dev/urandom of=/dev/sda bs=1M
>>you have been able to take care of all of your birds with a single shot
>>basically.
>>
>>Chuq
>>
>>On Mon, 2010-08-02 at 11:58 -0700, Phil Goldbach wrote:
>>> Yeah, well sometimes OEM parts still go bad quicker than refurbs.
>>> Hope it all goes well, Tony.
>>>
>>> I did some minor cleaning up again and started working on the systems
>>> that were on the Diagnostic table. I believe I recovered 3 systems,
>>> which mostly needed power supplies. One system had RAM in it, but it
>>> was not installed. Installed that and the machine works fine. We also
>>> had a Gateway P3 (933 mHz, 256 MB RAM) small form-factor desktop that
>>> only had USB connections for keyboard and mouse. Since we had one USB
>>> keyboard and mouse, I hooked the system up and it ran okay. Tom
>>> installed Ubuntu 10.04 on it and the machine ran rather slowly. The
>>> only other possible suggestion is to maybe try to increase the RAM and
>>> see if it the speed improves, otherwise, it's just too slow for
>>> 10.04.
>>>
>>> I'd like to be able to keep the Diagnostic table clean as this is
>>> where I feel that I can be o the most help in repairing systems and
>>> preparing them for D-BAN and Install. I've got a Diagnostic checklist
>>> sheet that I'll print up. If the system meets our requirements and is
>>> in good working condition, then it moves on. If the system needs
>>> repair, depending on the repair, I'll work on that. If the system is
>>> not repairable or too costly to repair (RAMBUS ram for example), then
>>> to Deman it goes.
>>>
>>> Perhaps for D-BAN, we can set up the 8-port KVM switch we used for
>>> installing Vector.
>>>
>>>
>>> Today I registered for classes at IvyTech. Going to complete my degree
>>> in Criminal Justice, with a concentration on Forensics. With the way
>>> my class schedule is this semester, I'll still be able to come to the
>>> warehouse on Thursday nights.
>>>
>>> Phil Goldbach
>>>
>>> "Men cry not for themselves, but for their comrades."
>>>
>>> --- On Mon, 8/2/10, Mike Cook <mikecook@xxxxxxxxxxxx> wrote:
>>>
>>> From: Mike Cook <mikecook@xxxxxxxxxxxx>
>>> Subject: [frgeek-michiana] Re: Thursday WH Report 07-29-2010
>>> To: frgeek-michiana@xxxxxxxxxxxxx
>>> Date: Monday, August 2, 2010, 10:13 AM
>>>
>>> I don't know.... That sounds like a refurbished ACL at best. I
>>> hope they gave you a good deal on it. I always insist on new
>>> oem parts. Good luck with the PT.
>>>
>>> Mike
>>>
>>>
>>> -----Original Message-----
>>> From: Tony Germano
>>> Sent: Aug 2, 2010 9:46 AM
>>> To: frgeek-michiana@xxxxxxxxxxxxx
>>> Subject: [frgeek-michiana] Re: Thursday WH Report
>>> 07-29-2010
>>>
>>> Good job everyone!
>>>
>>> Just wanted to give a quick update about my knee...
>>> some of you may remember that I tore my ACL and MCL in
>>> my left knee back in May. The MCL has mostly healed,
>>> and I had surgery about 3 weeks ago to give me a
>>> "new" (from a dead guy) ACL. I started physical
>>> therapy last week, and that is expected to take 2-3
>>> months. I'd like to get back to helping a little when
>>> I can, but I would definitely be useless for all of
>>> this heavy lifting stuff right now :)
>>>
>>> Tony
>>> ** This list is PUBLICLY archived. ** PLEASE don't post
>>> personal or sensitive information unless you wish for it to be
>>> in the public domain. To visit the main website for Free Geek
>>> Michiana go to http://www.freegeekmichiana.org To post to the
>>> list send email to frgeek-michiana@xxxxxxxxxxxxxx The archive
>>> is available at
>>> //www.freelists.org/archives/frgeek-michiana/ You may
>>> unsubscribe or change your list settings by going to the list
>>> website at //www.freelists.org/webpage/frgeek-michiana
>>>
>>
>>
>>** This list is PUBLICLY archived. **
>>PLEASE don't post personal or sensitive information unless you wish for it
>to be in the public domain.
>>
>>To visit the main website for Free Geek Michiana go to
>http://www.freegeekmichiana.org
>>
>>To post to the list send email to frgeek-michiana@xxxxxxxxxxxxxx
>>The archive is available at
>//www.freelists.org/archives/frgeek-michiana/
>>
>>You may unsubscribe or change your list settings by going to the list
>website at //www.freelists.org/webpage/frgeek-michiana
>>
>
>** This list is PUBLICLY archived. **
>PLEASE don't post personal or sensitive information unless you wish for it
>to be in the public domain.
>
>To visit the main website for Free Geek Michiana go to
>http://www.freegeekmichiana.org
>
>To post to the list send email to frgeek-michiana@xxxxxxxxxxxxxx
>The archive is available at
>//www.freelists.org/archives/frgeek-michiana/
>
>You may unsubscribe or change your list settings by going to the list
>website at //www.freelists.org/webpage/frgeek-michiana
>
>
>
>** This list is PUBLICLY archived. **
>PLEASE don't post personal or sensitive information unless you wish for it to
>be in the public domain.
>
>To visit the main website for Free Geek Michiana go to
>http://www.freegeekmichiana.org
>
>To post to the list send email to frgeek-michiana@xxxxxxxxxxxxxx
>The archive is available at //www.freelists.org/archives/frgeek-michiana/
>
>You may unsubscribe or change your list settings by going to the list website
>at //www.freelists.org/webpage/frgeek-michiana
>
>
>
** This list is PUBLICLY archived. **
PLEASE don't post personal or sensitive information unless you wish for it to
be in the public domain.
To visit the main website for Free Geek Michiana go to
http://www.freegeekmichiana.org
To post to the list send email to frgeek-michiana@xxxxxxxxxxxxxx
The archive is available at //www.freelists.org/archives/frgeek-michiana/
You may unsubscribe or change your list settings by going to the list website
at //www.freelists.org/webpage/frgeek-michiana
Other related posts:
