Nebula is a great mesh network I recently deployed into my stack. For connecting nodes spread between networks, it’s great, much better than my previous WireGuard installation. An additional feature of nebula is unsafe_routes. Unsafe routes allow nodes which don’t have Nebula installed to be accessible to other Nebula nodes.
People say there’s no 100% reliable way to wipe a storage drive, and they’re right. By the nature of how mechanical drives work, there’s no real way to say for sure whether the data is ever really gone.
With drives, the only way to be sure the content is gone is to destroy them. Whether by scratching the platters, destroying them, or just crushing the entire enclosure.
Sometimes however, there are legitimate times where you need to give a drive away, re-purpose it somewhere else, or in my case send it in for an RMA. In situations like that, it can’t hurt to be cautious and try to wipe the drive as best you can.
Wiping a drive like this isn’t foolproof. Whilst it’s highly unlikely and would require an incredible amount of time and experience to get even a single bit off a drive.
These tools all have some kind of progress monitoring, but you can use
iotop to show the speed data is being written to the device.
badblocks is a tool designed primarily for finding faults in drives and performing burn-in tests.By the nature of how it works, it writes data to a disk systematically such that it writes to every single block.
badblocks -b 4096 -wsv /dev/sdX
In reality, this isn’t a great tool for doing this, as it also reads the data back which can take just as long as the writes. But it’s still a useful tool in the box nonetheless.
shred is designed specifically to delete files and make their contents unrecoverable. It does this by repeatedly writing over a file 3 times with random data. You can also configure it to do an additional pass with just zeros, which exists to hide the fact the drive has been shredded.
shred -vfz /dev/sdX
shred can also operate on files, if you’ve got just a file to shred. This relies on the fact that the filesystem overwrites data in place, which in many cases it doesn’t.
Darik’s Boot And Nuke (DBAN) is a tool designed for wiping hard drives, however rather than being a command-line tool, it’s a bootable environment. This should make it much easier to use, and because you don’t need another drive to run it off (besides a USB), it massively reduces the chances of nuking the wrong drive.
dd, good ol’
dd. Now we need the features which give it the nickname “disk destroyer”.
dd simply writes files to other files, and on Linux everything’s a file! Therefore it’s easy to just say “hey, fill this drive with zeros”, and
dd will do it as fast as it possibly can!
dd if=/dev/zero of=/dev/sdX bs=1M
No frills, no extra writes, no ensuring it writes to every sector. Just disk writes. If you’re super paranoid, you can replace
/dev/urandom, as this not only ensures the resulting data is random, but can also help against any internal caching or compression the disk is doing.
Like I say, wiping drives isn’t really possible with 100% certainty. So if you’re super paranoid, best either not send back drives, or encrypt the hell out of them.
If you do have to give a drive to someone else, and you want to be as sure as you can there’s no data on it, then my personal tool of choice is
shred. I can just run it on my server on outbound drives just before unplugging them.
Share this page
After recently deploying a ZFS pool, I realized I had little insight into the health of my drives. I can run SMART stats now and then, but that’s not quite the same.Scrutiny Scrutiny is a tool to help you with just that. It presents a web UI which shows you…
My university has a development sever, which it uses to host our coursework without the need to set up a development environment locally. It also enables lecturers to mark our work in a controlled environment, without needing to spin up an environment, and run untrusted code on their machines, a…
View all →