Data Destruction and You

Despite what procrastinating students and thesis authors might tell you, its actually pretty difficult to lose your homework if its ever been written to disk. This is usually good news. However, there are those few occasions when you really wish people couldn't pull up every retirement planning document, bank statement, credit report, or other personal information you've ever stored on your computer. Those occasions include getting rid of old computers or hard drives, sending in a machine for tech support, or leaving a job. I can tell you, if I were in a position where I was receiving someone's old hard drive, I'd have a hard time not at least taking a peek.

"So, what do you do?" If someone is getting rid of a computer or hard drive, they might at least format the disk. If they are sending their computer in for technical support, they might move their sensitive documents over to a thumb drive and delete them from the disk. These are both decent tactics to prevent access by a true novice, but will rarely do anything to deter a more experienced data recovery expert. The reason for this? When files are deleted or disks are formatted, typically the information about the files on the disk is updated, but the actual memory where the files were written is unchanged. "So, really though, what should you do?" Well fortunately there are a few tools out there to help. Their basic function is to scramble the actual memory where the files were written and then update the file information appropriately.

DBAN: The Hard Drive Final Solution

Darik's Boot and Nuke, or DBAN, is the tool to use for wiping whole hard drives. When you're getting rid of old disks, leaving a job, or really just want to stress test a hard drive, just download the ISO, burn it to a CD and boot from it on the computer that you want to nuke. There are a few options available on startup. These control the type of disk wipe to perform. Generally speaking, unless you are either very paranoid or just have a week to kill, the default (dodshort) is sufficient. At the prompt, simply type "autonuke" and hit enter. Depending on disk speed and size the time to completion can vary wildly, but plan for at least a day of operation.

Shred: Single File Destruction

Shred is a pretty standard Linux command. It has a few useful command line options, including whether to use random data when over writing the file, use only zeros on the last pass, the number of passes over the file to make and finally to actually delete the file afterwards. Typically I use something like: shred -uzn38 <target file>. It is important to note that if you are using a Journaling file system, this may not be an effective mechanism. However, you can in most cases tweak journaling levels so that this will not be an issue.

Secure-Delete: More than just a Shredder

The people (person?) at Techthrob wrote a pretty good article on this subject and I found their coverage of Secure-Delete especially wonderful. I'll be lifting a few parts here.

Secure-Delete is a bit of an all in one solution for scrubbing a computer, not just the hard drive. It comes with a shredder (srm), a memory scrubber (smem), a free disk space scrubber (sfill), and a swap space wiper (sswap). This is a tool-set which is appropriate for cleaning up a machine that you don't quite want to nuke. The man pages for these tools provide wonderful documentation, but if you really need a more in depth explanation check out the Techthrob link below.

Install Secure-Delete with your package manager: apt-get install secure-delete

Resources

For a bit more detail and background check out:

Installing Mercurial-Server on Fedora Core

Those of you who are familiar with distributed version control systems likely understand that the notion of a central repository has been removed from the required architecture. However, there remain several benefits to having one or more shared repositories. LShift were kind enough to bestow upon the world Mercurial-Server, an open source Mercurial authentication, authorization and repository management system. This is the tool you've been looking for to setup a single server which hosts shared repositories. To really get an appreciation of what this can do, check out the online docs.

A prerequisite to successful installation of Mercurial-Server is Mercurial itself. Yum.

yum install mercurial

While I know my way around a nix box, I'm far from what some would call adept. So, when I go to start experimenting with some new product, I usually pray for a smooth installation. This is rarely the case, and my experience with this product brought no such fortune.

The provided README and online documentation indicates that mercurial-server is targeted toward Debian based systems and most easily installed via some package management system. Had I been installing this on one of my Ubuntu boxes, I'm sure I would not be writing this article, but I was stuck with FC 14. So, reading on, they kindly suggest that on Red Hat and other variants running 'sudo make setup-useradd' would possibly work. After giving it a whirl, it very nearly did. After examining the output, it seems that the manual generation was failing due to an XSL parsing problem. "No biggy. It looks like its just a reflection of their online docs anyway." Taking a look at the MakeFile it was trivial to identify the phase which was causing the failure. Simply running the sub commands directly, while omitting the doc generation did the trick. Without further adieu:

wget http://dev.lshift.net/paul/mercurial-server/mercurial-server_1.1.tar.gz
tar -xzvf mercurial-server_1.1.tar.gz
cd mercurial-server_1.1
sudo make installetc
sudo make pythoninstall
sudo make useradd
sudo make inituser

Another thing to note is that the documentation makes reference to tooling installed at, "/usr/share/mercurial-server/", examination of the MakeFile shows that these goodies are actually installed at, "/usr/local/share/mercurial-server/." Once you're done setting it up, you might want to read up on how to config it. Check out their docs at http://dev.lshift.net/paul/mercurial-server/docbook.html.

Update: One thing the docs will not mention is that your newly created hg user will likely need to have a password set on the account before you will be able to connect. While you will be using PKI authentication, accounts without passwords set are recognized as disabled by the system. Though the mercurial-server software does prevent direct logins with the hg user, it is important to choose a significantly complex password to protect from possible vulnerabilities.

Sun JDK on Ubuntu (10.04 and later)

There is just something about using the Sun (Oracle) JDK that makes me all warm inside. So when it was pulled from standard apt repos, and being a lunix novice I was a bit irked. For some time I had stooped to simply installing it from provided binaries, which works, but is a pain in the arse. I recently discovered an article which almost gets me back to where I want to be, installing the JDK from apt. A few tweaks and here is what will get you there:
sudo add-apt-repository "deb http://archive.canonical.com/ lucid partner"
sudo apt-get update
sudo apt-get install sun-java6-jdk
sudo update-alternatives --config java
Simple enough.