Shootout: 'rm -Rf /' vs. 'Format C:' 513
skyshock21 writes "There's an article over at hohle.net about what actually happens when you type the commands Format C: in windows versus rm -Rf / in Linux. Very interesting results indeed. Myths are busted, and hilarity ensues."
...vs Magnet vs Tossage (Score:4, Funny)
The medium tech solution (Score:3, Funny)
Re:...vs Magnet vs Tossage (Score:5, Interesting)
Unfortunatly a Taxi driver took the PC with him and managed to boot the machine and found an enormous ammount of very confidentinial information on the HDD. Information about some top crime and fraude cases. The Taxi driver then sold this HDD to a dutch TV crime fighter.
In the end this got the prosecutor fired. Which I think is sort of unreasonable, since the major issue is the justice departments lack of descent security procedure.
Re:...vs Magnet vs Tossage (Score:4, Insightful)
Re:...vs Magnet vs Tossage (Score:3, Insightful)
The real problem here is that A) there wasn't some sort of tech support in place that would have made that decision instead of him. B)There isn't some sort of policy detailing what can be done with the computers or information/storage devices if somethign like this ever did happen.
Re:...vs Magnet vs Tossage (Score:4, Interesting)
Re:...vs Magnet vs Tossage (Score:3, Interesting)
Re:...vs Magnet vs Tossage (Score:3, Insightful)
When you throw something in the garbage, it's still yours. It's not free for the taking.
The taxi driver stole the computer and the "Dutch TV Crime Fighter" bought stolen property. That's criminal.
Re:...vs Magnet vs Tossage (Score:5, Informative)
Not in the USA. Trash is considered 'abandonded property' [harvard.edu] and is up for grabs.
Re:...vs Magnet vs Tossage (Score:3, Funny)
Very true...I live in New Orleans. I think I mentioned it before, but, you put anything out that even LOOKS relatively useful (and some amazing non-useful)...and it will not be there by morning. Hehehe...one afternoon, while getting ready to move..decided it was time to get rid of some of the old playboys and such rather than move them. I put them all in a box, but, left the lid open. This was a good 40-50lbs easily...well,
Re:...vs Magnet vs Tossage (Score:4, Interesting)
Also, if you don't do a bad block scan {which wipes out any pre-existing data good and proper} on a used hard drive when you create the file system{s} on it, you're just asking for trouble.
I recommend dd if=/dev/audio of=/dev/hda1 {or whatever; but basically you want to get the raw data coming in from the sound card and write it straight to the disk partition} before passing on a used drive. Crank up the input gains to the max, but don't actually plug anything in
Re:...vs Magnet vs Tossage (Score:3, Informative)
Or, better:
Writes over the disk with random data, then zeroes, a total of four times. Good luck recovering anything off that puppy (although, it most likely can still be done with some *very* sophisticated equipment).
Re:...vs Magnet vs Tossage (Score:5, Interesting)
On my base, we sometimes took the drives over to EOD (Explosive Ordinance Disposal). They reportably had a great time.
Re:...vs Magnet vs Tossage (Score:4, Informative)
The cool part was being able to recycle the magnesium casings on those giant-sized drives (about a foot wide, 8 inches tall, and about 2 feet long). I made a few hundred dollars on that!
I don't know what the big deal was, though. Our facility only handled... oh wait, someone's at the door...
Re:...vs Magnet vs Tossage (Score:4, Informative)
Platters aren't metal.
Re:...vs Magnet vs Tossage (Score:4, Informative)
In any case, the magnetic material was a certain color - kind of a golden brown, and the substance below was something else. We had to sand off any of the golden brown stuff so that only the underlying substance remained.
I think most platters today are made out of glass, but many years ago, they were made out of something that was very metal-like. This is back when the platters were more than a foot across. Physically, they were very large drives.
Re:...vs Magnet vs Tossage (Score:3, Informative)
The older drives used 14" platters. I can still remember the Digital RP06 drives, which were OEMed from Memorex. The drives looked like black washing machines. (Wiggled
openbsd rm (Score:5, Informative)
Re:openbsd rm (Score:5, Informative)
For instance, 'shred -u -z file' will overwrite that file 25 times with random bits, overwrite it with all zeros to hide the shreading, then remove the file.
'info shred' (or 'man shred' for less detail) for more info on how to use shred.
Re:openbsd rm (Score:5, Informative)
CAUTION: Note that shred relies on a very important assumption: that the filesystem overwrites data in place. This is the traditional way to do things, but many modern filesystem designs do not satisfy this assumption. The following are examples of filesystems on which shred is not effective:
* log-structured or journaled filesystems, such as those supplied with AIX and Solaris (and JFS, ReiserFS, XFS, Ext3, etc.)
* filesystems that write redundant data and carry on even if some writes fail, such as RAID-based filesystems
* filesystems that make snapshots, such as Network Appliance's NFS server
* filesystems that cache in temporary locations, such as NFS version 3 clients
* compressed filesystems
Re:openbsd rm (Score:3, Interesting)
This is quite true, which is why shred is generally more effective when used on an entire device (/dev/hdb, /dev/fd0, etc.) rather than on a single file on a filesystem. Even then, however,
Re:openbsd rm (Score:4, Insightful)
I'm very skeptical of this claim. He's essentially claiming any magnetic media has an infinite capacity.
For example, take a disk with a capacity of 100 GB. I fill that with data; I read the data.
Then I overwrite the entire disk with another 100 GB of data. Of course I can read the new data. And supposedly with enough time and patience I can read the data that has been overwritten. By overwriting I've doubled the capacity of the media.
When I overwrite the disk again I can read the new data, I can recover the data I've just overwritten, and because this process is irrespective of the number of overwrites, I can retrieve the original data that has been overwritten twice.
This seems to defy some basic laws of physics, but I admit I do not know all the inner workings of magnetic media.
Re:openbsd rm (Score:5, Informative)
But I believe the basis of the claim is that, for any given "bit position" on the disc, the current magnetic reluctance of that position depends on its current state and some function of the previous state. And the previous state depends on itself and ITS previous state, and so on.
Also, the aligment of each recording cell does not precisely line up each time. There's very sophisticated circuitry in a modern drive to figure out what the bit was supposed to be. (Keep in mind that what is actually written to the disk is coded, so that you never get long runs of 0s or 1s.) All those probabilities are fed in to the decode logic to come up with actual, usable bytes.
So if you get to the magnetic surface and can assess the relative strengths of fragments of bits at each bit position, you can start to rebuild the history of that position. Then you have to re-run the decode to work out what the datablock contained.
Though I can only see this being feasible for a small number of overwrites... but I really must read some of Schneier's works.
There's a reason why we make backups; data recovery in that manner costs a fortune.
Re:openbsd rm (Score:4, Informative)
Re:openbsd rm (Score:3, Funny)
Re:openbsd rm (Score:4, Funny)
Re:openbsd rm and journalled filesystems (Score:3, Interesting)
And I'm not so sure about the viability of recovering overwritten data anyway, even with electron microscopes and whatnot. Let's face it, if it was at all prac
Re:openbsd rm (Score:3, Interesting)
Re:openbsd rm (Score:3)
Well, other than the fact that it doesn't work, it's fine
This is exactly why I wrote File::Copy and why it was picked up in the core: people always get the subtleties of File::Copy wrong because there are so many.
First off, the return value of "read" is a nunber, not the buffer that was read.
Second, you're not accounting for partial reads and/or writes (and, yes they hap
Re:openbsd rm (Score:4, Informative)
Although the shell version is working in blocks, it will not leave bytes unreplaced at the end. It might perhaps increase the logical size of the file before removes it. (du will report the number of blocks in use, and round a partial block to the next block. The file system will always allocate space in some multiple of a block size, so extending it to the end of the block won't actually increase the disk space allocated to the file.)
And since I'm enumerating what I agree and disagree with, I guess I should add that I agree with the utility of File::Copy. Thank you for it.
An interesting topic, at last!! (Score:2, Interesting)
Re:An interesting topic, at last!! (Score:4, Interesting)
A more appropriate shootout (Score:5, Insightful)
Re:A more appropriate shootout (Score:2)
deltree (Score:3, Informative)
Re:deltree (Score:5, Informative)
Re:A more appropriate shootout (Score:2)
Stupid clueless users.
Re:A more appropriate shootout (Score:3, Funny)
"I know that "format c:" and "rm -Rf
This comparison is mostly to check how well you can get a n00b to screw up his system, which is notoriously done with format and rm.
Re:A more appropriate shootout (Score:5, Funny)
mkdir foo; cd foo
end"
is even more effective.
Re:A more appropriate shootout (Score:3, Informative)
However, the person who posted
was onto something. That killed the machine I typed it at
Slashdotted, mirror: (Score:3, Informative)
Before they got slashdotted.. (Score:5, Funny)
text (Score:5, Informative)
There's a nerdy idea floating around that you can tell an uninformed Windows user to type "format c:" in the Run dialog to solve their problems. This is perpetuated in office jokes and comics among other places, but how many people have actually tried to destroy their using "format c:".
I made a goal for myself to find out what would happen if I ran "format c:" on a freshly installed Windows system and decided to compare it to the equally notorious "rm -Rf
Read more for the destruction of two perfectly good operating system installations.
My target OSes were Windows XP Pro and Ubuntu Linux, both with all the latest and greatest updates. The installs were both fresh and no additional security settings had been set. Ubuntu asked me for a password during installation, Windows did not, which we will see makes a difference later down the line.
First I established a baseline for my environment: a virtual shell parked at the root of the file system (C:\ for Windows, / for Linux).
Windows Linux
Larger Image Larger Image
Well, that was simple enough. Getting to each file system's root was a nearly identical process. Now is where things will change, however. In Windows, I am going to attempt to format the drive, a low level operation which usually occurs on drives not being used and in Linux I am going to attempt to remove all of the files from the filesystem. Both should give me an empty file tree when I'm done, but come at it from different angles. In Windows, I use the "format c:
Windows Linux
Larger Image Larger Image
Thankfully, and as I expected, neither of these commands wiped out my filesystem. To my shock, Windows looked as if it was going to comply with my wishes. It asked me if I would like to proceed and I confirmed that indeed I would. Ah, but as I expected, the drive was mounted and could not be formatted until it was unmounted; so I told it to try to forcefully unmount the drive. Finally it told me that it could not gain sole access to the drive and would not continue. So, straight away "format c:" will not erase your hard drive! Now how did Linux fare? Also, as I expected, almost nothing was deleted by my "rm -Rf *". My personal home directory (~/jonathanhohle) might have been erased, I didn't think to check it before I moved on. All in all, however, both systems were still up, stable, and in need of more abuse!
Windows Linux
Larger Image Larger Image
Larger Image
Larger Image
My goal was to mass erase these disks from the command line and so far I hadn't had much luck. With Windows I knew I was going to have to take a different approach, with Linux, I knew exactly what I had to do to kill this system.
I decided to attack Windows from the same attack point as I was hitting Linux. Instead of trying to do a low level erasure of my files I was just going to recursively delete them. So after a little mucking around at the command prompt, I came up with "del
Windows Linux
Larger Image Larger Image
Well, that did the trick on both systems with one caveat. As the first Linux screenshot under this paragraph shows, Linux would not continue with the command until the root password was entered. Windows, on the other hand had no problems going to town unlinking files after the [Enter] key was struck.
Windows Linux
Larger Image Larger Image
Afte
you know (Score:5, Funny)
i'll go back to laughing at the election results. or was it crying, i cant remember now.
sudo password (Score:5, Insightful)
Re:sudo password (Score:5, Informative)
I believe that Solaris no longer has a root user either (for security), and that you must sudo everything. Someone feel free to correct me (well this is
Re:sudo password (Score:5, Informative)
In Trusted Solaris they also have root but since this is a high grade security OS, root is not god. You have labels (top-secret, restricted etc... iirc). So you might have root-access on a low level label and not being able to do anything.
Re:sudo password (Score:4, Interesting)
Re:sudo password (Score:4, Funny)
Earlier in the game, Magicbane will serve you better (magic resistance, engraving, and curse resistance).
Re:sudo password (Score:5, Funny)
You: My hard drive is fritzed, the s.m.a.r.t. diagnostics indicate a hardware failure.
Apple: Is root user enabled?
You: Yes, I am an old skool unix geek that has to have a terminal with '#' open at all times when I am at my system, along with my case of mountain dew and tub of beef jerky.
Apple: Sorry then, enabling root user voids your hardware warranty.
You: But I have to test out this rm -Rf / thingy
Apple: Not on our dime, you root abuser. Use sudo instead after you have purchased a new hard drive.
My guess is this is a lie that someone perpetuated to get some n00b to keep from (unwisely) enabling r00t.
Re: (Score:3, Informative)
google cache link. (Score:2)
Yes I rta (Score:2, Interesting)
To remove this comment press F4 on windows...
And FP btw
Re:Yes I rta (Score:2, Interesting)
rm -Rf / and format c: are not the same. (Score:4, Informative)
The issue of Linux not running as cleanly after all the files are whiped out vs. Windows still able to run isn't much a means of stability. Remember in Linux/Unix systems, Everything is a file. While in windows it is some hodgepodge framework where some are files and other are not. So naturally if you wipe out all the files on a Linux/Unix system problem will happen. While windows which puts a lot of its features in memory and stayes there so it can still operate even after you logout. In some ways having X windows crash after you try to leave is a good thing because you know that something is wrong sooner. vs. Windows just acting like nothing happend.
Re:rm -Rf / and format c: are not the same. (Score:5, Informative)
Re:rm -Rf / and format c: are not the same. (Score:5, Informative)
The difference lies in the ownership design, wherein Windows locks a file when it is opened and leaves it at that until closed. Linux, on the other hand, works with the current snapshot of the file.
File locking is a good thing in the demonstrated situation, as graceful error recovery is important. IMO this case shows the very reason for it being implemented in Windows. Most Windows users have administrator privileges which allow them to delete files they shouldn't be able to, while Linux uses a more strictly separated user concept where regular users are not able to delete crucial system files.
While sometimes file locking is necessary (and in the UNIX case has to be done manually), general file locking is not a good thing because it prevents live system updates. This is why you can update your whole Linux system (besides the running kernel) without rebooting, a thing impossible for Windows installations.
Re:rm -Rf / and format c: are not the same. (Score:3, Informative)
If you use unix/linux, try this experiment:
Create a file foo.txt. Open it with an editor.
Now, from a separate shell, rm the file.
The editor can still save changes. As soon as the editor exits, the file will be completely deleted. I'm not sure about current versions of linux, but in the past at least you could do an ls -a of the directory containing the file and see a hidden file with a random name wh
Try it with NFS... (Score:5, Funny)
I'll tell you what happens. What happens is that the next several days are very, very, very long and very, very, very uncomfortable.
Re:Try it with NFS... (Score:2, Funny)
I once saw a script that had "rm -rf $(FOODIR)/*".
No problem in that. Except that one adminstrator run it as a root and nobody had thought to define $FOODIR for root...
Re:Try it with NFS... (Score:5, Interesting)
1. He left the root of the storage array mounted
2. He left it mounted under
3. He left the tmp-cleaning cron job enabled
When we started to see user file go away (but directories left intact) we thought we were under some kind of attack... we were right in a way
Re:Try it with NFS... (Score:5, Informative)
Use the -- argument to indicate that all following parameters are filenames, and are not to be parsed as options:
rm -f -- *
... or errant symlinks (Score:4, Interesting)
Along the same lines, I had at one point a link "~achurch" in my public_html directory, for compatibility after my homepage changed URLs. So (you can guess what comes next, I'm sure) I decided one day, several years later, to clean up my web stuff:
$ rm -r tmp/ x.html [...] ~achurch/ /home/achurch/.xcdroast? _
rm: override permissions 000 for
I have no idea why mny .xcdroast was 000, but it saved me a huge amount of frustration. I now place a file "..norm-r", mode 000, in important directories and rename things around to make sure it's always first in the directory file. And I never, ever use -f.
Re:Try it with NFS... (Score:3, Informative)
It all depends on whether the file "-r" is first the collating sequence. When I added a file called "+r", the -r was treated as a regular file rather than a switch.
About that (Score:2)
I don't find it interesting though. What's next, comparing PS2 to Xbox by hammering them with a brick and see how much damage is made?
slow? (Score:3, Interesting)
Re:slow? (Score:4, Informative)
Anyone know why this is (is NTFS slow, or is it the del command as the author guessed, or is there some other reason for this).
Actually, a big chunk of this is screen I/O. The fix? Instead of using del (which likes to print out the names of all files it deletes), use rmdir /s /q. It goes much much faster (and yes, this is speaking from experience, though good experience, for a change).
Get a life (Score:5, Insightful)
this proves almost nothing.
This guy really needs to find something better to occupy his time with, ideas include polishing the spoons, re-arranging the sock drawer and cleaning the fridge.
We all know the best way to screw a Windows XP SP2 user is to convince them to turn off the firewall
mod me down, see if I care
Re:Get a life (Score:3, Funny)
Some might argue that simply having Windows XP means the users have already screwed themselves.
Shred (Score:5, Informative)
Re:Shred (Score:3, Informative)
Gut the disk? Surely you jest. I've personally done security forensics on many recovered drives in S&S raids, and there are a lot of amateur techniques attempted to "erase" data. Most of them don't work. Unless the actual drive electronics are damaged, you don't have to "gut the drive" to get the data back, up to 7 low-level format
More efficient way (Score:2)
# rm -rf
I have did this (twice) by trying to delete something in
rm -Rf / (Score:5, Funny)
Re:rm -Rf / (Score:2)
I wanted to kill myself after that one.
Re:rm -Rf / (Score:3, Funny)
--Dan
Go away, you don't exist (Score:4, Interesting)
rm -rf / protection in Solaris (Score:3, Interesting)
When ls is hosed... (Score:5, Insightful)
echo *
Re:When ls is hosed... (Score:3, Informative)
Re:When ls is hosed... (Score:3, Informative)
I could have done with tip that a few weeks ago. The UK TiVo has a serial port on the back which allows you to get a bash shell, unfortunately there is no 'ls' on the damn thing, so I ended up using 'file ' to get a directory listing.
Just for info, echo */ will list only the directories.
dissecting frogs.. (Score:4, Insightful)
E. B. White (1899 - 1985)
Unix file philosophy (Score:5, Informative)
It seems that the author misunderstands an important part of the Unix philosophy:
That's far from true. Linux locks the executable file, i.e. if you attempt to open it for writing, you get an error. You can, however, remove the directory entry, in which case the file is retained as long as the program is still running.
Under Linux, a file can have zero, one, or more directory entries (a.k.a. hard links). It's not possible to remove files, only directory entries can be removed. The kernel removes the file automatically once two conditions are fulfilled:
In fact, under Linux the /proc filesystem allows it to get the contents of an open file back even if it has no directory entries outside of /proc.
Re:Unix file philosophy (Score:3, Insightful)
The Unix Way
The Windows Way, also known as "please reboot for the changes to take effect"
The OS really really should _not_ try to second-guess whats wrong or right, just let the user do it. The running application may still enforce certain rules if it has to.
Re:Unix file philosophy (Score:4, Insightful)
1) is better, and it would be better even if /proc didn't exist. There is no reason why every file must be accessible through a directory entry.
Without this mechanism, it would be impossible to replace the directory entry corresponding to an open file atomically, which is a prerequisite for updating running executables or shared libraries.
As I explained, removing a file which currently being used is not only hard, but impossible. Only the corresponding directory entries can be removed.
In the good old days (Score:4, Funny)
C:>FORMAT
Insert floppy into drive C: and hit return.
The rest is history. As was everything on the drive.
Kerry and Bush systems (Score:3, Funny)
format c:
rm -Bush *
The results were very telling. Both candidates made about 5,000 prompts all on the order of "5 more years?:" and "The American people will pick the right man for 5 more years?:". As most of these prompts were gibberish, I responded in a random fashion.
In the end, the files of the Bush system remained on the system, but still functioned poorly and continued to periodically core dump.
What amazed me on the Kerry system was that the files actually wrote over themselves many times before all simultaneously deleting!
All in all, the process took about 7 months and I can honestly say that I hope never to have to do that again. Further more, based on how both operate when active, I would like to see a completely new category of OS if I do have to go through this again.
ls (Score:3, Insightful)
Szo
I hate the finnish keyboard layout (Score:4, Funny)
Ok, I've just finished installing Linux on a fresh hard drive and have spent a few hours editing stuff in /etc using my favourite editor joe. The editor creates backup files everytime it overwrites a file, naming them as the original filename with a tilde appended. I wanted to quickly remove all the backup files so I typed
But curses, my caffeine-overloaded fingers were too quick to hit that spacebar and I ended up with AARGH! There goes BOTHnot as thorough as... (Score:4, Funny)
These methods are pretty good ways to kill a system. However, I found that a large electromagnetic field generated by an old bulk eraser produces similar results in just seconds! Man, was my cube mate pissed!
I don't have screenshots, though. I think I'm sterile, too.
NTFS is much slower then EXT3 ??? (Score:5, Informative)
I believe he is wrong. Firstly, everyone knows how dogg slow EXT3 is at just about everything.
There is an easy fix for this -- just don't have massive amounts of text scrolling through a windowed command prompt; minimize the window, pipe the text to a file, or even make the command prompt full screen. Any of the above tricks will dramatically speed things up, as the CPU is no longer spending large amounts of its time writing text to the screen.
If anyone out there is feeling adventurous (or insane), go ahead and try to replicate Jonathan's test -- only don't leave the command prompt in windowed mode. Minimize it or redirect the text. I'd bet you my ex-girlfriend's right arm that NTFS is suddenly as fast as, if not faster than, EXT3.
A Fun Game! (Score:3, Funny)
We then took turns at throwing stuff at the keyboard to see if we would just-so-happen to hit the Enter key.
Luckily, none of us were very good shots...
RM
Commands from the wrong era! (Score:3, Insightful)
I speak from personal experience on both OSes; 20 years ago, when both OSes were still young.
A fair test of these punch lines can only be executed on MS-DOS 1.x and on one of the *many* UNIX varients from the mid-1980s.
Nothing hides evidence like a stew. (Score:3, Funny)
Interesting error messages (Score:3, Funny)
"You don't exist, go away!"
Very amusing.
Anybody know which Linux package is responsable for this message?
Re:Interesting error messages (Score:3, Funny)
It doesn't exist. Go away.
Re:rm -fr / (Score:2, Funny)
rm
as in "remove france"
Re:rm -fr / (Score:3, Funny)
Re:rm -fr / (Score:2, Funny)
Now pass the freedom fries!
Re:rm * (Score:3, Insightful)
Re:The most beautiful of all solutions (Score:3, Interesting)
A couple months ago I bought a new system and after I got done transferring my files I gave my room mate my old drives. One of them worked OK on her Windows system for all of about 3 days, then she tells me that her friends who provide her Windows support though I was some sort of IT God because I'd set Windows up so that they couldn't delete the files on that drive, even with admin support. I disclaimed all responsibi