Category Archives: System

Disk wiping : Myth broken

There are many urban legends in the industry. I did believe in one of them : “wiping a disk to properly prevent data restore requires random writes and several passes”.

At least until I found this very instructive article, “Disk Wiping – One pass is enough“. Don’t miss the second part which clarifies some points and gives more details.

In short, after one pass, every bit of the disk is filled with zero and there is simply no way to find out what the previous value was. Even the best tools out there have no clue to do it.

Then, there is a theory of physically restoring each bit using a magnetic force microscope. It has always came with a high error rate, and with modern high density disks it is even less reliable. Now, considering any real world data length, errors occurring on the restored bits would make it impossible to rebuild any usable data. There is obviously no chance for such a technique to recover a file.

So, in the future, I will not only save time doing one pass, but I will replace :

$ dd if=/dev/urandom of=/dev/sda

with

$ dd if=/dev/zero of=/dev/sda

Note that formating just reset the partition table. In no way it clears out every bit of the disk.

Corrupted virtual disk with VMware

Wow, this article and especially one of its comments saved my day.

My computer crashed and one of the VMware machine hosted on it could not start anymore :

“Cannot open the disk ‘path of vmdk’ or one of the snapshot disks it depends on.
Reason: the specific virtual disk needs repair.

Checking on the VMware forums, I quickly found the command that was supposed to help :

$ vmware-vdiskmanager -R /path/to/disk.vmdk
The virtual disk, '/path/to/disk.vmdk', is corrupted but the repair process has failed.

Damned ! I almost resigned restoring the last backup and loosing a week of work when, by chance, I found the article mentioned above.

As recommended, I downloaded the Virtual Disk Development Kit 1.2 from VMware, untared it and still doubtfully launched :

$ ./bin64/vmware-vdiskmanager -R /path/to/disk.vmdk
The virtual disk, '/path/to/disk.vmdk', was corrupted and has been  successfully repaired.

Saved! Thanks so much to the guys. I would have never thought about trying it, I wonder how they could find it.

But how is it possible that the utility coming with vmware workstation 7.1 suck so much and is not on par with other versions ?

get rid off ConsoleKit / Dbus / Hal stuff on a server

Console-Kit spawns 35 threads on my system, which is a waste considering that I use at most 7 vty. But it is definitely useless on a server (you don’t need fast switching stuff). Dbus and Hal are also not useful on a server and consuming resources for nothing.

Unfortunately, they are settled with the default basic installation and they have some dependencies (e.g the kernel and zypper) that make them impossible to simply uninstall .

Here is a way to at least deactivate these services at startup on openSUSE 11.2 (it might also work with 11.3).

First, ConsoleKit is not a standalone daemon anymore on the latest versions of openSUSE. It is started along with dbus (you will see that if you stop dbus, all the ConsoleKit thread will magically vanish).

But trying straight to remove dbus from the startup doesn’t work, because of dependencies among services. On my system, it complained like this:

# chkconfig dbus off
 insserv: Service dbus has to be enabled to start service bluez-coldplug
 insserv: Service dbus has to be enabled to start service network
 insserv: Service dbus has to be enabled to start service haldaemon
 insserv: Service dbus has to be enabled to start service earlyxdm
 insserv: exiting now!
 /sbin/insserv failed, exit code 1
 [1]    7954 exit 1     chkconfig dbus off

So, let’s remove the bluetooth stuff:

# zypper remove bluez

Then, we just deactivate the services that can’t uninstalled:

# chkconfig earlyxdm off
# chkconfig network-remotefs off
# chkconfig haldaemon off

You will probably want to keep the network service on, otherwise your configurations scripts won’t be read anymore. In fact, we will just edit the dependency of the startup script itself, by editing /etc/init.d/network and editing these lines:

# Required-Start:    $local_fs dbus
# Required-Stop:    $local_fs dbus

What we do is just deleting the dbus word, so that the script section looks like it:

### BEGIN INIT INFO
# Provides:        network
# Required-Start:    $local_fs
# Should-Start:        isdn openibd SuSEfirewall2_init
# Required-Stop:    $local_fs
# Should-Stop:        isdn openibd SuSEfirewall2_init
# Default-Start:    2 3 5
# Default-Stop:
# Short-Description:    Configure the localfs depending network interfaces
# Description:        Configure the localfs depending network interfaces
#                       and set up routing
### END INIT INFO

Now we are done and we should be able to definitely turn dbus off:

# chkconfig dbus off

Bingo! I didn’t monitor the memory precisely, but I believe I saved around 50 MB, which is always welcomed on a small server.

I don’t know if it is the best way – I may have missed something – however I am pretty happy as it now works as I wanted. Please let me know if you have a better tip.

EMET: configure memory protection on Windows

Microsoft published a nice tool named EMET (Enhanced Mitigation Experience Toolkit) whose purpose is to check and enforce the memory security policies such as ALSR and DEP.

It shows and allows to configure the global settings, but also, and this is the most interesting part, indicated for each process running if it supports those security measures. It is even able to enforce the protections for each application which would not support it natively (i.e. not set at compilation time).