# DO not scrubbing disks?



## scv (Dec 30, 2013)

https://github.com/fog/fog/issues/2525

How can something like this get overlooked? One would think if they made a design choice to reuse block-level media instead of use some sort of virtual disk, the idea of sharing the drive between two users might've come up at some point?

What do you guys think? Is this going to be a recurring problem with new panels showing up on the market?


----------



## Aldryic C'boas (Dec 30, 2013)

Given the amount of amateurs making panels at this point (no, that's not an insult.  By definition you are an amateur as most of you are on your first attempt at doing something like this ;  not amateur as in 'unskilled'), it's likely we're going to see a good bit of "Oh god what were they thinking" before folks get a good grip on what they're doing.


----------



## KuJoe (Dec 30, 2013)

Wasn't there an article on a high traffic news site last year about this?

EDIT: http://www.wired.com/wiredenterprise/2013/04/digitalocean/

EDIT2: https://www.digitalocean.com/blog_posts/resolved-lvm-data-issue


----------



## Jack (Dec 30, 2013)

https://news.ycombinator.com/item?id=6983097


----------



## GIANT_CRAB (Dec 30, 2013)

wtf, why is almost everyone calling DO a cloud service when its not?????


----------



## rds100 (Dec 30, 2013)

Apparently everything with hourly billing can be called cloud. Ask swiftway.


----------



## jebat_ks (Dec 30, 2013)

KuJoe said:


> Wasn't there an article on a high traffic news site last year about this?
> 
> EDIT: http://www.wired.com/wiredenterprise/2013/04/digitalocean/
> 
> EDIT2: https://www.digitalocean.com/blog_posts/resolved-lvm-data-issue


This.

DO add scrubbing disk options after that. Just not by default.


----------



## nunim (Dec 31, 2013)

jebat_ks said:


> This.
> 
> DO add scrubbing disk options after that. Just not by default.


Yeah this is old news.  They give you an option to scrub your disk on Droplet destroy and tell you how long it will take.  I don't bother as I don't store anything sensitive on DO, I just use it as a dev environment to test scripts and such, if they want to recover my LXDE image, go for it.


----------



## yolo (Dec 31, 2013)

Just curious, does solus scrub?


----------



## jebat_ks (Dec 31, 2013)

nunim said:


> Yeah this is old news.  They give you an option to scrub your disk on Droplet destroy and tell you how long it will take.  I don't bother as I don't store anything sensitive on DO, I just use it as a dev environment to test scripts and such, if they want to recover my LXDE image, go for it.


And now they scrub by default

https://news.ycombinator.com/item?id=6989211


----------



## HostGuard (Dec 31, 2013)

It definitely makes sense for hosts to have this enabled by default.

Although there are people out there that have wiped their VPS and needed a method to recover their 'destroyed' data.

I understand if they were only using their control panel internally or for other purposes why scrubbing is disabled, but for hosts it should be forced on at least.

For example, we provide the following global options:

- Always scrub

- Never scrub

- Scrub per VM

If you are truly worried then encrypt your volume and don't ever store the private key on the encrypted volume.


----------



## Francisco (Dec 31, 2013)

GIANT_CRAB said:


> wtf, why is almost everyone calling DO a cloud service when its not?????


Because that's what they call themselves. As someone else said, if you have hourly billing and 'no wait provisioning', then lots of people count that as cloud.

It's the great thing about using a word w/o any set definition. You can bullshit the whole thing and hope it goes w/o issue.

EDIT - While I know some .gov agency gave their blessing to what they feel 'cloud' is, everyone and their dog is 'cloud' now.

Hell, there is more than a couple providers that are just run of the mill Solus + WHMCS and they market themselves as being

cloud on the basis of 'Its a service that you dont manage the underlying hardware of'.

Francisco


----------



## scv (Dec 31, 2013)

yolo said:


> Just curious, does solus scrub?


Solus uses file backed disk storage AFAIK, so they wouldn't be affected.



nunim said:


> Yeah this is old news.  They give you an option to scrub your disk on Droplet destroy and tell you how long it will take.  I don't bother as I don't store anything sensitive on DO, I just use it as a dev environment to test scripts and such, if they want to recover my LXDE image, go for it.


It should remain news until the option is default (which apparently now it is). Do you see other "cloud" providers offering you this feature? When you delete a disk at AWS it will wipe the backing storage no questions asked.


----------



## bdtech (Dec 31, 2013)

jebat_ks said:


> And now they scrub by default
> 
> https://news.ycombinator.com/item?id=6989211


I'm curious what they implemented all of a sudden...
"Additionally, we've re-engineered the way we're provisioning disks and access to previously written data is no longer possible."


----------



## tchen (Dec 31, 2013)

Their rationale for turning it to default-off.

https://digitalocean.com/blog_posts/transparency-regarding-data-security


----------



## Francisco (Dec 31, 2013)

I would have assumed they were using QEMU and not LVM's, especially for snapshots/backups!

Francisco


----------



## tchen (Dec 31, 2013)

scv said:


> Do you see other "cloud" providers offering you this feature? When you delete a disk at AWS it will wipe the backing storage no questions asked.


I'd be wary of any random 'cloud' provider.

AWS went through a lot of teething pain themselves while they were getting their security compliance requirements done (PCI and gov).  It's amazing how much crap goes into regulatory compliance.  For the not so small list





SOC 1/SSAE 16/ISAE 3402 (formerly SAS 70 Type II)

SOC2

SOC3

FISMA, DIACAP, and FedRAMP

PCI DSS Level 1

ISO 27001

ITAR

FIPS 140-2 




In any case, they probably spent more on their compliance teams than DO got in their VC funding


----------



## Francisco (Dec 31, 2013)

scv said:


> Solus uses file backed disk storage AFAIK, so they wouldn't be affected.
> 
> It should remain news until the option is default (which apparently now it is). Do you see other "cloud" providers offering you this feature? When you delete a disk at AWS it will wipe the backing storage no questions asked.


Incorrect. Solus uses straight LVM's.

Francisco


----------



## wlanboy (Jan 1, 2014)

Funny how cloud users think about the product they are buying.

Same security issue with hard drives out of storage devices.

Is everyone sure that his provider is destorying the drives that are end of life (SMART) or flipped out of the array?


----------

