Virtual Bereavement

With my severance from Sun/Oracle, I have to return to them their computer equipment, including a chunky workstation, and a nice 24″ monitor which I’ll miss.  As part of housekeeping I knew I needed to dispose of sensitive information on the workstation: things like private keys, passwords, etc.

Short of destroying the disc in the fires of Mount Doom, the best I can do is to overwrite everything sensitive, so I hacked up a little utility to overwrite a file, then ran it with find(1) to overwrite a lot of stuff before deleting it.  First, known sensitive stuff like .gnupg and .ssh.  Then my entire home directory, to be sure to catch things like credentials cached by browsers and mailers.  Plus, for good measure, other home directories created for particular apps, and /root.

Then on to /var, and eventually /etc, by which time sensitive data are indeed erased.  And the system is essentially unusable and will have to be reinstalled – which is what I’d expect to happen in any case.  Now I can’t ever log in again, and since I don’t have a root shell open I can’t even shut down.  So there’s nothing for it but to power down the machine for the last time and feel a mini-bereavement for the loss of a perfectly good system.

Then I realised, with ZFS there’s more to do.  I boot earlier OpenSolaris images, and once again have a working system, albeit without data from my home directory.  Looks like it’s just old incarnations of things under /var that have to be repeatedly deleted before wiping the filesystem.

I just hope someone does use it back at Oracle.  It’s high-quality hardware, and would be a crime to throw away just because it’s been used for a couple of years.

Posted on November 25, 2010, in Uncategorized. 6 Comments.
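
The overwrite-then-delete pass described in the post, as an added example that is not the author's utility: it walks the tree itself instead of being driven by find(1), and the function names and sample file are made up here. Because ZFS is copy-on-write, an in-place overwrite lands in newly allocated blocks, so data still referenced by earlier boot images or snapshots survives a pass like this, which matches what the post found after booting the older images.

```python
import os
import stat
import tempfile

CHUNK = 1 << 20  # write in 1 MiB pieces so large files never sit in memory


def overwrite_file(path, passes=1):
    """Overwrite a regular file in place with random bytes; return its size."""
    st = os.lstat(path)
    if not stat.S_ISREG(st.st_mode):
        return 0  # leave symlinks, devices and FIFOs alone
    # No O_TRUNC: truncating would free the old blocks instead of rewriting them.
    fd = os.open(path, os.O_WRONLY | getattr(os, "O_NOFOLLOW", 0))
    try:
        for _ in range(passes):
            os.lseek(fd, 0, os.SEEK_SET)
            remaining = st.st_size
            while remaining > 0:
                remaining -= os.write(fd, os.urandom(min(CHUNK, remaining)))
            os.fsync(fd)  # push this pass to the device before the next one
    finally:
        os.close(fd)
    return st.st_size


def wipe_tree(root):
    """Overwrite then unlink everything under root; return bytes overwritten."""
    total = 0
    for dirpath, dirnames, filenames in os.walk(root, topdown=False):
        for name in filenames:
            path = os.path.join(dirpath, name)
            total += overwrite_file(path)
            os.unlink(path)
        for name in dirnames:
            path = os.path.join(dirpath, name)
            # os.walk lists symlinks to directories here; unlink, never follow.
            os.unlink(path) if os.path.islink(path) else os.rmdir(path)
    return total


if __name__ == "__main__":
    # Constructed sample data in a scratch directory, not real key material.
    with tempfile.TemporaryDirectory() as scratch:
        os.makedirs(os.path.join(scratch, ".ssh"))
        with open(os.path.join(scratch, ".ssh", "id_rsa"), "wb") as f:
            f.write(b"constructed placeholder, not a real key\n")
        print(wipe_tree(scratch), "bytes overwritten")
```
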

  1. Why not just use shred(1) on the disk device?

  2. I would boot off cd running some other OS and use shred or something similar. If nothing else you can always just dd random data all over the disk.
    In the unlikely event that someone ever gets to use it, they’ll want to make a fresh install anyway (unless they’re specifically fishing for forgotten data).

  3. There used to be a spec for securely erasing drives. Obviously, work on the partition or drive device rather than the filesystem – since you say it’ll need reinstalled you might as well do it properly.

    IIRC it involved dd-ing a bunch of /dev/urandom, 00000000, 11111111 and then 01010101 and 10101010 patterns on the grounds that the maximally variable magnetic field imposed would minimize the chances of latent data-storage.

  4. I’m with the “boot from another device and write random data all over the whole disk” brigade. It doesn’t meet any standards, but at that point the bad guys are welcome to what can be recovered.

    It is file system agnostic (assuming you get all relevant disks, and the firmware doesn’t do anything weird). Technically disks may have swapped out bad blocks with data on, but unless the disk firmware supports a secure erase (unlikely at that age) that data is pretty painful to erase and the chances of it being “interesting” are small enough not to worry about.

  5. From a non-techie perspective, why don’t they let you keep the kit, perhaps for a modest charge to get round benefit-in-kind tax issues? It’ll have little commercial value, they’re unlikely to redeploy it if they’re shedding people (probably wouldn’t reuse it anyway if it’s two years old), and there’s the cost of packaging, transportation and storage. Probably the thing will end up being scrapped in dangerous conditions in some far off land….
