DO not scrubbing disks?

scv

Massive Nerd
Verified Provider
https://github.com/fog/fog/issues/2525

How can something like this get overlooked? One would think if they made a design choice to reuse block-level media instead of use some sort of virtual disk, the idea of sharing the drive between two users might've come up at some point?

What do you guys think? Is this going to be a recurring problem with new panels showing up on the market?
 

Aldryic C'boas

The Pony
Given the amount of amateurs making panels at this point (no, that's not an insult.  By definition you are an amateur as most of you are on your first attempt at doing something like this :p;  not amateur as in 'unskilled'), it's likely we're going to see a good bit of "Oh god what were they thinking" before folks get a good grip on what they're doing.
 
Last edited by a moderator:
  • Like
Reactions: scv

nunim

VPS Junkie
This.

DO add scrubbing disk options after that. Just not by default.
Yeah this is old news.  They give you an option to scrub your disk on Droplet destroy and tell you how long it will take.  I don't bother as I don't store anything sensitive on DO, I just use it as a dev environment to test scripts and such, if they want to recover my LXDE image, go for it.
 

HostGuard

New Member
Verified Provider
It definitely makes sense for hosts to have this enabled by default.

Although there are people out there that have wiped their VPS and needed a method to recover their 'destroyed' data.

I understand if they were only using their control panel internally or for other purposes why scrubbing is disabled, but for hosts it should be forced on at least.

For example, we provide the following global options:

- Always scrub

- Never scrub

- Scrub per VM

If you are truly worried then encrypt your volume and don't ever store the private key on the encrypted volume.
 

Francisco

Company Lube
Verified Provider
wtf, why is almost everyone calling DO a cloud service when its not?????
Because that's what they call themselves. As someone else said, if you have hourly billing and 'no wait provisioning', then lots of people count that as cloud.

It's the great thing about using a word w/o any set definition. You can bullshit the whole thing and hope it goes w/o issue.

EDIT - While I know some .gov agency gave their blessing to what they feel 'cloud' is, everyone and their dog is 'cloud' now.

Hell, there is more than a couple providers that are just run of the mill Solus + WHMCS and they market themselves as being

cloud on the basis of 'Its a service that you dont manage the underlying hardware of'.

Francisco
 
Last edited by a moderator:

scv

Massive Nerd
Verified Provider
Just curious, does solus scrub?
Solus uses file backed disk storage AFAIK, so they wouldn't be affected.

Yeah this is old news.  They give you an option to scrub your disk on Droplet destroy and tell you how long it will take.  I don't bother as I don't store anything sensitive on DO, I just use it as a dev environment to test scripts and such, if they want to recover my LXDE image, go for it.
It should remain news until the option is default (which apparently now it is). Do you see other "cloud" providers offering you this feature? When you delete a disk at AWS it will wipe the backing storage no questions asked.
 

Francisco

Company Lube
Verified Provider
I would have assumed they were using QEMU and not LVM's, especially for snapshots/backups!

Francisco
 

tchen

New Member
Do you see other "cloud" providers offering you this feature? When you delete a disk at AWS it will wipe the backing storage no questions asked.
I'd be wary of any random 'cloud' provider.

AWS went through a lot of teething pain themselves while they were getting their security compliance requirements done (PCI and gov).  It's amazing how much crap goes into regulatory compliance.  For the not so small list




  • SOC 1/SSAE 16/ISAE 3402 (formerly SAS 70 Type II)
  • SOC2
  • SOC3
  • FISMA, DIACAP, and FedRAMP
  • PCI DSS Level 1
  • ISO 27001
  • ITAR
  • FIPS 140-2 



In any case, they probably spent more on their compliance teams than DO got in their VC funding :p
 

Francisco

Company Lube
Verified Provider
Solus uses file backed disk storage AFAIK, so they wouldn't be affected.

It should remain news until the option is default (which apparently now it is). Do you see other "cloud" providers offering you this feature? When you delete a disk at AWS it will wipe the backing storage no questions asked.
Incorrect. Solus uses straight LVM's.

Francisco
 
Last edited by a moderator:

wlanboy

Content Contributer
Funny how cloud users think about the product they are buying.

Same security issue with hard drives out of storage devices.

Is everyone sure that his provider is destorying the drives that are end of life (SMART) or flipped out of the array?
 
Top