Ask Klaus!


Klaus Knopper is the creator of Knoppix and co-founder of the LinuxTag expo. He currently works as a teacher, programmer, and consultant. If you have a configuration problem, or if you just want to learn more about how Linux works, send your questions to: klaus@linux-magazine.com

Disk Erasers

Question:

I would like to wipe out any intelligence through the end of the disk (LILO and particularly GRUB) and to stop any interference with cleanly loading a new operating system. So far, I have been able to remove miscellaneous data, but I never could prove GRUB was gone and not thwarting my new operating system install.

Answer:

As I understand your question, your goal is to erase any data on disk (i.e., overwrite all files and the directory structure) and also erase the boot records. Please note that these are different objectives that are generally independent of the operating system:

1. The structured data part (i.e., the filesystem): This part makes it possible to view data as named files and directories. This logical tree-like ordering of the otherwise random file contents is probably what you called the "intelligence" of the disk, although it is our way of thinking that makes us store data that way instead of writing down indexes and locations of data.

2. The parts with data describing disk and filesystem geometry: One is called the "partition table," which is usually located inside the first 512 bytes of the entire disk. Inside these 512 bytes, starts and ends of partitions are kept, plus some information about the proposed purpose of each partition (the so-called partition ID) and a flag that tells whether or not the partition is bootable. This information is read by the computer's BIOS at cold reboot to find out where the bootable operating system partition is located.

Also, at the start of each partition and inside the beginning of filesystem-specific bits, a small architecture-dependent bootloader - or at least a redirector to blocks on the disk containing a boot program - can be located. Whether bootloader code is possible in this part, and how much space is available for it, depends on the filesystem type. Inside the first 512 bytes of the disk, the master boot record (a small program directing the BIOS loading routines to the partition-to-boot, or directly to a bootloader on disk) can be present.

Part 2 is where sometimes amazing and confusing things happen. Imagine you just formatted every single partition of your hard disk in order to install a new Linux distribution (or a different operating system), but when you boot the computer, it boots your old operating system, yet halts at a certain point because the programs are gone. This is caused by two things, the first being the master boot record (MBR), which still points to the old bootloader.

The second thing is that the old bootloader has not been erased by formatting all partitions, because formatting in terms of filesystems just means that you create an "empty" file system root entry. Previously existing data is usually not erased, because it would be very slow to erase each and every single block on a huge hard disk. Therefore, just cleaning file systems on each partition - you could call it "quickformat" - does not really erase data.

Because all unencrypted data - such as password lists, private email, and documents - can easily be restored and exposed by using a program like Foremost, which just scans for well-known filetype signatures and is capable of restoring undamaged files perfectly, this can be a security risk. For example, consider the flash disk of digital cameras: After accidentally "formatting" it from the menu of your camera, using standard GNU/Linux equipment, you can still fetch most of the pictures that had been there previously.

The same applies to "formatted" hard disks, such as those often sold in online auctions, on which, unknown to the former owner, the data was never really erased.

Data can be completely erased by not only formatting, but also overwriting a partition. For most purposes, such as fresh installations, overwriting everything with zeros is sufficient; however, for some kinds of magneto/optical forensic recovery methods, it is slightly safer to use random data and overwrite multiple times, as an attempt to rule out leftover tracks caused by the disk geometry. This should not be necessary for flash memory, however.

The following are examples of total data destruction, but note that this will kill everything on your disk, so make sure that you are using the correct disk device name - /dev/sda is just an example here.

  1. To overwrite and make unusable any data on the entire disk, you can use
    cat /dev/urandom > /dev/sda
    which will also kill the partition table and all filesystem metadata and file data.
  2. A faster command line is
    dd if=/dev/urandom of=/dev/sda bs=1024k
    which will use a block size of 1MB and tell you how many 1MB blocks have been written after finishing.
  3. The program Wipe is supposed to produce a more thorough deletion by overwriting several times with different data, but it also takes significantly longer to complete [1].

The main point is to erase the entire disk, not just one partition, and remember that the first 512 bytes contain the master boot record.

Considering that a lot of random data has to be produced, this can be somewhat CPU intensive, and also the speed and size of your hard disk determine whether you have to wait for a few minutes or hours until completion.

For a quick way to erase just the "intelligence" concerning the partition table and master boot record, so that you can install a fresh operating system without interfering with pre-existing boot records, enter

dd if=/dev/zero of=/dev/sda bs=512 count=1

which will clear the partition table only. In combination with the previous commands, you get an empty and non-recoverable hard disk with no partitions, which is the best start for a completely new installation.

If you are in a hurry and don't care about still having recoverable fragments of old data on your disk, emptying the partition table and master boot record this way is sufficient for a new installation. This way, the BIOS will not be able to find any boot records and will report a "non-bootable disk" until a new operating system is installed.
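To confirm that the old boot record really is gone, the first 512 bytes can be read back and inspected. The script below is an added example, not part of the original column: it reports the boot signature, any GRUB or LILO name string in the boot code area, and the number of used partition entries, before and after the one-sector wipe. The function names and the test image are constructed for illustration, and the check assumes the loader embeds its name as ASCII text in its boot code.

```shell
#!/bin/sh
# Added example. Assumes the classic MBR layout: boot code in bytes 0-445,
# four 16-byte partition entries in 446-509, signature 55 aa in 510-511.

mbr_report() {                      # $1 = disk device or image file
    src=$1
    # One sector as a single string of 1024 hex digits.
    hex=$(dd if="$src" bs=512 count=1 2>/dev/null | od -An -v -tx1 | tr -d ' \n')
    [ "${#hex}" -eq 1024 ] || { echo "short-read"; return 1; }
    sig=$(printf '%s' "$hex" | cut -c1021-1024)
    # Assumption: the loader's boot code embeds its name as ASCII text.
    loader=none
    for name in GRUB LILO; do
        if dd if="$src" bs=1 count=446 2>/dev/null | LC_ALL=C grep -aq "$name"; then
            loader=$name
        fi
    done
    # A partition entry is in use when its ID byte (entry offset 4) is non-zero.
    parts=0
    for i in 0 1 2 3; do
        start=$(( (446 + i * 16 + 4) * 2 + 1 ))
        id=$(printf '%s' "$hex" | cut -c"$start"-"$((start + 1))")
        [ "$id" = "00" ] || parts=$((parts + 1))
    done
    echo "signature=$sig loader=$loader partitions=$parts"
}

make_sample() {                     # $1 = path of constructed 1MB test image
    dd if=/dev/zero of="$1" bs=512 count=2048 2>/dev/null
    printf 'GRUB ' | dd of="$1" bs=1 seek=384 conv=notrunc 2>/dev/null
    # Entry 1: bootable flag 0x80, three CHS bytes, partition ID 0x83.
    printf '\200\000\000\000\203' | dd of="$1" bs=1 seek=446 conv=notrunc 2>/dev/null
    printf '\125\252' | dd of="$1" bs=1 seek=510 conv=notrunc 2>/dev/null
}

demo=$(mktemp)
make_sample "$demo"
mbr_report "$demo"                  # before the wipe
# conv=notrunc is only needed because this is a regular file, not a device.
dd if=/dev/zero of="$demo" bs=512 count=1 conv=notrunc 2>/dev/null
mbr_report "$demo"                  # after the wipe
rm -f "$demo"
```

On a real disk, pass the device name (such as /dev/sda, as root) to mbr_report instead of the image; the function only reads from it.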

If you want to keep partitions and only want to get rid of a master boot record that tries to boot something from a partition that you don't want to boot directly, I recommend either install-mbr or ms-sys, which can produce empty or "boot from partition x" master boot records, without destroying the partition table. This is a good choice if you just want to use the bootloader from a specific operating system partition, but your existing MBR decided that it wants to boot from a different partition or operating system, such as an MBR-installed GRUB or LILO.

Knoppix Questions

Question:

I am a US Navy Sailor and I have some questions regarding the future of Linux versus giants such as Microsoft and Apple. I started back in the mid-1980s in a computer programming class in high school and wrote my own video games. I think I might have even been one of the first people to have written out a complete boot logo screen pixel by pixel.

I'm interested in learning how to write code for Linux, or even make my own distro someday, but I find playing with Linux very difficult when out to sea on a US Navy ship. We have no reliable Internet connection - a single JPEG can take 20 minutes to download, if it does at all.

Is it possible to order a customized Linux distro - something that will do everything Vista can do on a fresh install or better, with the wireless Internet already installed and perhaps with Flash and other plugins for web surfing?

I love how your Knoppix [2] came prepackaged with many tools already in it. Can things like Wine, Java, Flash, VirtualBox, etc. come with the package too?

I'd like to get a distro that can do everything Windows can do and more, such as letting me play an old DOS game. Or if I have to have Windows at all, I would like to install Windows-based games easily - even the new DirectX 10 games - and play them seamlessly in Linux.

I know there are licensing issues, but what I don't understand is that most of these companies offer their products for free anyway online - Java, Flash, DVD codecs, etc. If licensing is such an issue, can't they just include the EULA with the deb package?

Also, could you point me to a good link, or possibly send me a text version of a Linux tutorial? I'd really like to know what I can do with Linux and what I can do with the terminal, among other things, within Linux.

I'd even be interested in buying some sort of interactive training course on Ubuntu or Knoppix. Unfortunately, I cannot browse the Internet or download anything. I've been trying for a month just to download Wine.

Answer:

I have not missed anything on GNU/Linux yet, so I am curious why anyone needs Windows. Most of the things GNU/Linux does are unmatched by Windows. Of course, you can run Flash and other proprietary software on Linux, once you've accepted the end-user license and its obligations.

Because the sales model in open source is completely different from proprietary software - you can't charge per copy, so you also cannot pay sublicense fees by copy - the real problem is that distributors (i.e., people or companies who sell or offer the software for free) don't get a redistribution license. Thus, including proprietary software is less of a problem with other proprietary software, but we try to keep the entire GNU/Linux system free of proprietary claims so it stays freely distributable for any purpose - regardless of whether it's non-commercial or commercial.

Even if the license of some "free" plugins is acceptable to end users, it still requires that you accept the license or the software cannot be used or distributed. So, in your case, it is probably the best choice to select a free distribution and, when you get an Internet connection, also download all additional proprietary packages you want (and can accept license-wise) for your distribution and install them later.

Wine [3] and VirtualBox [4], two applications you mentioned, have an open source license and are part of the Knoppix DVD. Java has a freely distributable binary license and is also part of the DVD, including the development environment.

As for DVD keys - you mean CSS, copy protection - in some countries, it is illegal even to play your legally bought CDs or DVDs on your own computer with free software because it violates copyright law to "circumvent" copy protection without a valid license for the key. Currently, the only player with a licensed key that I know of that can legally play CSS-protected DVDs, is LinDVD, a commercial software DVD player (notwithstanding the fact that you can, from the technical side, also do this easily with free software, but telling you how to do so would violate the DMCA).

Because you want to start some programming on GNU/Linux, I think you can learn most about this by looking at programs you like and studying how they are built. Considering your experience in programming, it should not be too difficult for you - most utilities and desktop applications are written in C or C++.

I cannot really recommend a single GNU/Linux introduction or course, because it depends on what you plan to do. Most users, working from the Linux operating system, would rather learn specific applications than "Linux" itself. Knowing the naming scheme of storage devices - i.e., where to save and find your stuff when working - is probably a good idea, but other than that, you always work with applications and not with the operating system itself - the same as with Windows. When you have Internet access, sites such as http://tldp.org/LDP/intro-linux/html/, http://www.linux.org/lessons/beginner/index.html, or even Wikipedia should be good starting points for introductions and links for Linux-based applications. Also, I'd recommend downloading the free books and reading them offline.

Pinball Wizard?

Question:

I noticed your startup and shutdown sounds come from the pinball machine SafeCracker. Are you a pinball collector?

Answer:

Actually, the sounds come from the former Mandrake Linux "space sounds" collection, which is GPL-licensed and still available on some mirrors. I don't know how they produced these sounds - maybe they were inspired by different programs, but then again, maybe SafeCracker was also inspired by another resource.

Tri-Boot Tribulations

Question:

I am attempting to tri-boot a 3.6GHz P4 80Gb SATA drive machine with XP, Freespire, and Ubuntu, and it has failed twice, each time leaving my computer in a state in which it won't reboot into XP. After partitioning the drive, I attempted to install Freespire, only to have it spit out the disc at 90 percent completion, saying it couldn't install the X server (Error 209). I searched the Freespire support forum for that error and found it. Freespire seems to be touchy about whether or not the drive is "clean."

Since then, I have downloaded KillDisk, a utility to clean my hard drive. I assume that it is OK to clean the partition after reinstalling XP, repartitioning the drive, and cleaning the new partitions. I suspect that this is not the only reason for this error, but hope it is simply solved by cleaning the drive.

Will this solve the install problem?

Answer:

I am unsure what "clean" should mean here. Assuming it means "disk with no partitions," you would have to delete all partitions from the partition table - including your Windows partition. But maybe it just means that there should be empty space after the first partition, in which case, you would just resize the Windows partition and leave the space afterward empty (i.e., not create a second data partition). If the installation process breaks after 90 percent completion, it could just be the case that the empty space was too small to hold the installation.

INFO
[1] Wipe program: http://wipe.sourceforge.net/
[2] Knoppix: http://www.knoppix.net/
[3] Wine: see article on page 46 of this issue.
[4] Linux Magazine May 2008 virtualization issue: http://www.linux-magazine.com/issues/2008/90