Nuke and Pave
I got a new work laptop. I finished moving everything I care about from the old laptop. All I wanted to do was flush the disk in the old laptop. I always try to clear a machine’s disk before releasing control of it — either by turning it back to IT (for a work machine) or selling/donating/giving it away (for a personal machine). It makes the machine unambigiously cleared and ready for re-use. My work machines never have anything really personal on them, but they do have company proprietary source code and other information that I’d just as soon be cleared off before I lose control of it. Any reasonable IT department will re-image the machine when they get it back from an employee but I feel better when the data I’ve been entrusted with is gone before I lose control of a machine. I started by making a Boot and Nuke CD. It wouldn’t boot! I tried again with a fresh, newer CD-R. Failed. I decided to try a different solution: an Ultimate Boot CD which has Boot and Nuke on it. Still losing.
I try the CD in another machine (a Virtual machine). It works fine. Eventually my razor sharp troubleshooting skills consider that the alarming clunking sound the CD-ROM was making with every attempt may be related to it not working at all. The laptop’s CD-ROM is apparently toast. I don’t have a floppy drive for the machine so I can’t just make a quick boot floppy. The machine is too old to support USB booting, so will boot from neither a USB memory key nor a USB DVD-ROM. Defeated?
Never! After a dismaying amount of time and number of attempts to get other, more obvious PXE network boot solutions to work, I found this: PXE-booting DamnSmallLinux. Some unzipping, installing atftpd, and I’m ready to .. upgrade my DHCP server! With the dhcp3-server package, everything was ready.
The aging laptop PXE booted, loaded Damn Small Linux, fired up X and was ready to go. I opened an xterm and told the machine to “shred -n 1 -v /dev/hda”. shred is a utility to nuke files and partitions by writing over them with random data. shred defaults to 25 passes which is overkill for my purpose and would probably melt the poor laptop disk, so I use -n 1 to tell it to make one pass only. For ultimate security I would use more passes but one pass will stop the casual/accidental reuse I aim to prevent and is done 24 times sooner. I occasionally wonder what the real difference for a determined data recovery company is between trying to pull data off a disk that’s been wiped once and a disk that has been wiped 25 times. I assume the reason security minded goverment agency types physically destroy disks rather than relying on a data wiper is that the answer is “not enough to be absolutely sure.”