On Jun 2, 2014, at 15:06, Dale <rdalek1...@gmail.com> wrote: > Rich Freeman wrote: >> If you're worried about casual thieves then just about any kind of >> properly-implemented encryption will stop them. >> >> If you're worried about a government official specifically tasked with >> retrieving your computer, my understanding is that it is SOP these >> days to retrieve your computer without powering it off for just this >> reason. They won't use your UPS to do it. Typically they remove the >> plug just far enough to expose the prongs, slide in a connector that >> connects it to a UPS, and then they pull it out the rest of the way >> now powered by the UPS. >> >> See something like: >> http://www.cru-inc.com/products/wiebetech/hotplug_field_kit/ >> >> Presumably somebody who is determined will also have the means to >> retrieve the contents of RAM once they seize your computer. Besides >> directlly accessing the memory bus I think most motherboards are not >> designed to be secure against attacks from PCI/firewire/etc. >> >> Rich >> >> > > > Now that is wicked. Like I said, this could get crazy. ROFL Thing is, > with Linux, it could be set up to run a script so that if say the > keyboard/mouse/some other device is removed, it runs shutdown. It seems > the biggest thing as for as Govt goes, having it do something they can't > anticipate it doing that locks things down or does a rm -rfv /* or some > other nasty command. > > I might add, on a older rig I tried that command once. I ran rm -rfv /* > and it didn't erase everything like I thought it would. I figured the > command would be loaded in ram and would run until the end of the / > structure. It didn't. I can't recall how far it got now but I think it > was in the /proc directory. I figure it deleted the process and sort of > forgot to finish. It's been a while since I did that tho. Details are > fuzzy.
Well rm does not remove anything. It just unlinks the data. If you use journalling fs, everithing is recoverable from journal easily. And even without the journal you will easily get most of the data. dd if=/dev/zero of=/dev/your-root-drive bs=4096 This will wipe data so that it is quite hard to retrive it. Retriving would require opening the drive, etc... -- -Matti
