safari.nat.org

I’ve started a travel blog on tumblr, where I’ll post pictures and other little snippets from the next 6-12 months of backpacking around the world. You can find it at safari.nat.org.

A full Gutmann

After a short delay for knee surgery, our move-out date in Munich is now less than a week away.

Since we’re planning to spend the next ~year traveling, this week I’m continuing to divest myself of things that won’t fit in a 55 liter backpack.

And that includes more than 20 hard drives I’ve used over the years: laptop, desktop, usb. With great effort, I’ve consolidated all their data onto one disk, which will be spending the next year somewhere safe and sound (it’s backed up, of course).

But what to do with all the drives? Well, some would say – smash them with a hammer and be done with them. But it would be nice if someone could make use of all these platters, would it not?  So I’m in the process of securely deleting them all so that I can give them away.

Unfortunately, securely deleting 20 drives is no easy matter. It’s not secure to just repartition and reformat – the data is still there, and may include passwords or facebook cookies or other things that could be used against me and my friends.

But, ah, you say, I’ll just zero out the drive, with a command like dd if=/dev/zero of=/dev/sdc bs=100M count=5000.

This, sadly, is quite slow, especially given that I’m erasing most of these drives with a USB/SATA adapter.

To make matters worse, writing zeroes is not good enough, according to a famous 1996 paper by Peter Gutmann. He wrote:

The problem lies in the fact that when data is written to the medium, the write head sets the polarity of most, but not all, of the magnetic domains. This is partially due to the inability of the writing device to write in exactly the same location each time, and partially due to the variations in media sensitivity and field strength over time and among devices.

In conventional terms, when a one is written to disk the media records a one, and when a zero is written the media records a zero. However the actual effect is closer to obtaining a 0.95 when a zero is overwritten with a one, and a 1.05 when a one is overwritten with a one. Normal disk circuitry is set up so that both these values are read as ones, but using specialised circuitry it is possible to work out what previous “layers” contained.

So even after you’ve zero’d a drive, or even written random data to it, the old, overwritten value can be obtained through various techniques including magnetic force microscopy and scanning probe microscopy.

Gutmann developed a 35-pass erasure algorithm, known as the Gutmann method, to thwart these techniques and eradicate every trace of the old data from a drive.

And there’s even a handy Linux command, shred, which implements the Gutmann algorithm and can be run against a file or a device node directly.

Now, Gutmann’s paper and the 35-pass erasure method are often cited, but are also at this point quite old. Hard drives have changed a lot since 1996. They’re much denser, of course. And the method by which they encode data on the disk has changed as well (PRML/EPRML vs MFM).

Plus the interesting data is now drowning in a sea of uninteresting data. My password database is a few lonely kilobytes amid gigabytes of binaries and libraries and web caches and so on. And, as several people pointed out to me just after I wrote this, recent research seems to indicate that on modern drives, one pass is enough.

So it’s overkill to pull a “full Gutmann” on these drives before donating them to the local orphanage. And I don’t have the time for that anyway.

But nevertheless, I’d feel better doing at least one pass, right? Unfortunately /dev/urandom is pretty slow for this – far slower than /dev/zero or shred, which are already un-fast. And when you’re erasing 20 drives over USB and trying to stay ahead of the moving truck, speed matters.

Well, it turns out that the ATA command set has included a built-in “secure erase” command (ATA-SE) since 2001. This command performs the entire erasure on the drive itself. Since the computer doesn’t have to shuffle bits over the (in my case) USB bus to the disk, it’s quite a lot faster (though still by no means fast – I’m currently waiting 97 minutes for a 250GB USB drive to secure-erase). Also, it erases blocks that the hard disk had marked as “bad blocks” – so those aren’t recoverable either.

Check out these instructions for using the secure erase command from Linux with hdparm.

But unfortunately there is a sad ending to this story. The ATA spec also includes a command called “freeze lock.” This command tells the drive to disable the secure-erase command. And most BIOSes issue the command to all connected ATA drives on boot.

I think my friend Phil summed this up pretty well:

phik: that's the kind of thing that makes you feel really professionally rewarded
phik: you tirelessly fight your boss to work on something, make a prototype
phik: push it through some god-awful standards body
phik: get everyone to adopt it
phik: and the bios vendors block it

(Luckily, on my thinkpad, ATA-SE is still an option. And it works on about half these USB drives. Hooray!)
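An added example, not part of the original post: before queuing up a pile of drives for ATA secure erase, the Security section printed by hdparm -I shows whether a drive supports the command and whether it has been freeze-locked. The function names and the sample output below are constructed for illustration; the sample follows the layout hdparm prints but was not captured from a real drive.

```shell
#!/bin/sh
# Added example. Classify the "Security:" section of `hdparm -I` output on stdin.
# Prints one of: unsupported | frozen | locked | ready
ata_se_state() {
    awk '
        /^Security:/          { insec = 1; next }
        insec && /^[A-Za-z]/  { insec = 0 }  # next column-0 section header ends it
        !insec                { next }
        {
            neg  = ($1 == "not")   # flags print as "not frozen" or just "frozen"
            word = neg ? $2 : $1
            sub(/:.*/, "", word)
            # The first "supported" line is the security feature set itself;
            # a later "supported: enhanced erase" line must not override it.
            if (word == "supported" && !seen) { sup = !neg; seen = 1 }
            if (word == "frozen") frozen = !neg
            if (word == "locked") locked = !neg
        }
        END {
            if (!sup)        print "unsupported"  # includes: no Security section
            else if (frozen) print "frozen"
            else if (locked) print "locked"
            else             print "ready"
        }'
}

# Constructed sample output. $1 is "not" for an unfrozen drive, "" for a frozen one.
sample() {
    printf 'ATA device, with non-removable media\n'
    printf 'Security:\n\tMaster password revision code = 65534\n'
    printf '\t\tsupported\n\tnot\tenabled\n\tnot\tlocked\n\t%s\tfrozen\n' "$1"
    printf '\t\tsupported: enhanced erase\n'
    printf '\t2min for SECURITY ERASE UNIT.\n'
    printf 'Checksum: correct\n'
}

# On a real system (needs root): report what can be done with one device.
check_drive() {
    state=$(hdparm -I "$1" 2>/dev/null | ata_se_state)
    case $state in
        ready)  echo "$1: ATA secure erase can be issued" ;;
        frozen) echo "$1: freeze-locked; the drive will reject secure erase" ;;
        locked) echo "$1: locked with a drive password; unlock it first" ;;
        *)      echo "$1: no ATA security support visible; overwrite instead" ;;
    esac
}
```

Running check_drive against each device node sorts the pile into drives that can erase themselves and drives that need a plain overwrite pass.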

SSN

I just googled my social security number.

Just to, you know, make sure.

No results.

Phew.

Zoo

My sister is in town with her 17-month-old daughter, and today we went to the Munich zoo.

It’s a great zoo, but it’s still a zoo. The apes live indoors in a big room the size of a gymnasium. They’re locked in there for the amusement of the throngs of children who smack their palms on the inch-thick glass and squeal. And I’m not an expert on apes, but they don’t look psyched about it.

And so I was thinking: now that we have cheap HD video and the internet, we don’t need to do this anymore. Let’s just close all the zoos and use the money to establish a fabulous online library of animal videos, and massive wildlife preserves that you can visit on foot or via jeep safari. In the process, we’ll free up acres of prime urban real estate that can be sold as parkland and residential neighborhoods.

Ok, visiting youtube isn’t the same as going to the zoo, but we’ve moved our freaks from the fairground to the internet, so the idea is not without precedent.

As a vegetarian, I’m used to being in the minority on this kind of thing, but I thought I’d put it out there anyway.

Ten Travel Tips

I was recently in a thread about “travel hacks” (on quora). People seemed to like my tips, so here they are, for general consumption:

  1. For packing the trick is BIT: buy it there. Pack the minimum you think you’ll need and if you forget something, buy it there. Often I don’t end up buying anything, but making this a part of my trip planning helps me relax and pack light.
  2. Passport, wallet, housekey, phone & charger. That’s my checklist when I leave the house on the way to a flight. Anything else is a non-vital item I figure I can take care of when I get there. You could buy a new phone charger there but this is such an oft-forgotten item that you want it on your checklist lest you find yourself drowning in $30 wall warts. If you take heart medication you might want to add that to your checklist.
  3. They’re popular among frequent flyers, but I avoid the Bose noise-canceling headphones because they’re too big (and the travel case makes them even bigger). You can get a pair of in-ear noise-isolating headphones that are just as good, half the price, and 1/50th the volume (that’s volume in cm**3, not dB). Slip them in your pocket and travel light. I use a pair from Shure and they’re fine.
  4. Luggage with a lifetime guarantee is worth the slight premium in price. Briggs and Riley make a very sturdy bag that’s strong enough you can sit on it during a long pre-boarding wait, and with zippers that rarely break. And when they do – in 5 or 10 years – replacement is free.
  5. If you’re tall or otherwise picky about airplane seats, use seatguru.com to understand the seat layout of your flight. Seatguru will warn you about equipment boxes under the seat in front of you, cold seats, or seats with a lot of bathroom traffic.
  6. From my wife, I learned to *always* ask for a better price or a free upgrade on hotel check-in. We stayed 10 nights in a $2400/night hotel room with an in-room infinity-edged swimming pool at Jade Mountain in St. Lucia (it’s amazing, check the website) for less than $300 a night because the lady who checked us in shrugged and said “sure” when we asked for a free upgrade. If they say no, no harm done. And you’ll be surprised how often things are negotiable (I was).
  7. For overnight flights, don’t take the sleeping pill until the airplane is actually off the ground. I once had an 11pm redeye with a post-boarding, pre-takeoff equipment problem that was announced moments after I swallowed a pill.  Deboard, wait 3 hours, and finally reboard while fighting off the somnolence. Obviously doesn’t apply if you don’t take sleeping pills to fly (good for you).
  8. Never drink on a redeye; you’ll be desiccated enough when you land without any help from alcohol or any other diuretic. I avoid caffeine for the same reason.
  9. If you travel a lot internationally, it might be worth it to pay the $65/month for AT&T’s international unlimited data plan. It really is unlimited, and as far as I know it’s unique in the world. People from other countries are incredibly jealous that this plan is available to Americans (or people with a US credit history and address).
  10. Hotels make bank on the extras: room service, internet, parking, minibar, laundry. Make every effort to avoid these. If you’re traveling light and need laundry done, find a wash-dry-fold nearby; you can often pay them a rush fee for next-day service (sometimes it’s not advertised) and save a bundle. Take an airport express to share the internet cost with your spouse (or tether through your phone with unlimited international data). Grab a few snacks at a grocery store on the way from the airport to eliminate the risk of sating late-night hunger with $12 cashews.

And here’s a selection of tips from others in the same thread:

  • Firebug can make that C20 boarding pass be an A1 boarding pass. They’ll never know. (From Ben Maurer) (Nota Bene: not TSA approved)
  • If you’re traveling with someone, and you’re on a flight with 3 seats across, book the aisle and window, leaving the middle seat empty.  That seat is much more likely to remain empty than if you leave the aisle or window empty, and if someone does happen to get placed there, chances are they’ll be ecstatic to switch seats with one of you. (from Stefanie Wauk)

Everyone dials in

I have a lot of experience running software team meetings with a lot of remote participants dialing in to a conference line.  When a big chunk of your team is distributed, it’s important to get on the phone sometimes and hear each other’s voices.  But these calls can be really hard to manage.

There’s nothing worse than being the remote participant on a conference call and struggling to make out the murmured conversations taking place in the conference room thousands of miles away — where the “main” participants are all sitting together, suddenly laughing about something you didn’t hear or understand.  How is this a good use of your time?  You had to get up early for this because you’re in the “wrong” time zone, and now you’re listening to the teacher in Charlie Brown.

On the SUSE Studio team, we had a “level playing field” rule for our weekly meetings.  Even though a lot of us were clustered in Nürnberg, Germany, everyone dialed in to the meeting, putting every single person on an even footing.  There’s no “local” and “remote.”  Everyone has to speak clearly into the telephone.

When we instituted this rule, we noticed the “remote” participants joining in the conversation a lot more often, and the calls went a lot smoother.

This worked well for us. It might help you too. Let me know how it goes.
