Hacker Destroys Avsim.com, Along With Its Backups

el americano writes "Flight Simulator community website Avsim has experienced a total data loss after both of their online servers were hacked. The site's founder, Tom Allensworth, explained why 13 years of community developed terrains, skins, and mods will not be restored from backups: 'Some have asked whether or not we had back ups. Yes, we dutifully backed up our servers every day. Unfortunately, we backed up the servers between our two servers. The hacker took out both servers, destroying our ability to use one or the other back up to remedy the situation.'"

One word

Owned.

This should be a lesson...

To any sysadmins and DBAs...

Make sure you have offsite backups

Re:This should be a lesson...

[nemesisrocks]

Make sure you have offsite backups

In this case, even offline (as opposed to offsite) backups would have sufficed.

Removable hard disks, DVDs -- hell, even tapes. These are all forms of backups that can't be compromised (well, easily) over the internets.

Re:This should be a lesson...

[coryboehne]

It's actually very difficult to truly destroy data, especially remotely. There is actually a reason the DoD spec. requires physical destruction of the media.

Unless you have overwritten the area on the physical disk that contained the data, multiple times, the data can still be recovered.

The article doesn't lead me to believe that he's tried very hard to get this data back.. Maybe somebody (not me) who cares about this resource, should offer an attempt at data recovery.. Just be sure to hurry, before they do something that will ensure you cannot recover the data.

I've recovered data off of formatted HDD's, off of corrupted file systems, off of compact flash cards and other media (Really useful if you want to keep those photo's that someone thought was deleted, be aware of this people).

It's amazing how most people seem to think deleted means gone.

Re:This should be a lesson...

[_xeno_]

How about we just shoot all hackers?

I'm not sure how that will protect against data loss from equipment failure, natural disaster, fire, software failure, solar flares, Secret Service, or really anything other than hackers.

Offsite, offline backups aren't a good idea solely to protect against hackers. They're a good idea to protect against data loss in general.

Re:This should be a lesson...

[FredFredrickson]

Seriously, just load up an undelete program, or file restorer. Do a scan, and recover. This isn't rocket science..

Re:This should be a lesson...

[adolf]

What, you mean like this guy? You probably wouldn't even have the browser you're using right now if it weren't for that particular, uh. hacker.

Re:This should be a lesson...

this really is a pathetic situation. Everybody is hammering these guys for just mirroring their data and saying that they should have had off site backup.........true, they should have. What really is the issue here is that ASSHOLES feel the need to attack for the sake of attacking a site. It would be like me going out and punching random people in the face just because I can.

We have to stand up for those that cannot stand up for themselves.

People that destroy just because they can are completely USELESS...............and should be SHOT.

Re:This should be a lesson...

[linzeal]

Rootkits nowadays come with disk wiping utility.

Re:This should be a lesson...

[unlametheweak]

From the article

... we backed up the servers between our two servers.

Nope, backing up a server to another online server is not a backup, it's merely another online copy.

Re:This should be a lesson...

[Khashishi]

multiple times? I'd like to see you recover something that has been overwritten once.

Re:This should be a lesson...

[jamesh]

Unless you have overwritten the area on the physical disk that contained the data, multiple times, the data can still be recovered.

People keep repeating that mantra to each other, but is it really true? Getting data off a 'formatted' disk is pretty easy as a format rarely does more than write a few sectors at the start of the disk. Getting data off of a disk that has had 'dd if=/dev/random of=/dev/sda' done to it is a different matter altogether.

There have been papers written about getting some data out of the inter-track space, and scraping it off the noise floor etc with electron microscopes, but as far as I have researched, nobody has actually done it.

I put it to you that more people have had their kidney's stolen after meeting a pretty girl at a party than there have been disks recovered after being completely overwritten with random data.

Re:This should be a lesson...

But then who's going to take out the Gibson?

Re:This should be a lesson...

[Steffan]

... we backed up the servers between our two servers.

Nope, backing up a server to another online server is not a backup, it's merely another online copy.

It's the difference between HA [High Availability] and DR [Disaster Recovery].

Unfortunately, they suffered a disaster, not a 'mere' server failure.

All that said, my condolences to the server admin / founder, and especially, to all of the contributors. Thirteen years is a lot of data.

Re:This should be a lesson...

[unlametheweak]

Which reminds me. They could always use the WayBack Machine to (help in) retrieving their archives:
http://web.archive.org/web/*/http://www.avsim.com/

Google Cache seems to archive only the most recent pages:
http://74.125.95.132/search?q=cache%3Ahttp%3A%2F%2Fwww.avsim.com%2F&submit2=Google

Re:This should be a lesson...

[bill_kress]

Or pay them to find shit like this before someone does this.

The logic behind "Destroy your only resource that can work to actually help you fix the holes that will be exploited by foreign hackers or terrorists" is completely beyond me.

In fact, it seems so utterly stupid that I get furious every time I hear some thoughtless moron spout "Punish the hackers". Suggesting they should be killed? I'd personally sooner keep those intelligent if misguided people--being the only ones that are really going to be useful at preventing external penetration of our systems--and kill assholes who can't think of a solution beyond a statement like "Kill the hackers".

Not that I'd really condone either, but if I had to choose...

Re:This should be a lesson...

[Loki_1929]

I hear it's murder. ;)

Re:This should be a lesson...

[darkpixel2k]

Thirteen years is a lot of data.

Bah--it's not that bad. They actually have crude backups of all their terrain data. They just have to figure out how to restore from 'IRL' format.

Re:This should be a lesson...

[norpy]

Unless you have overwritten the area on the physical disk that contained the data, multiple times, the data can still be recovered.

A simple dd command with one run of 0's will permanently delete the data on a disk. Once upon a time it may have been possible to read the data after a single write but it is no longer possible. This challenge has been standing for quite some time and even though this is not proof of my assertion I am certain the multiple passes of writes thing is complete garbage.

Re:This should be a lesson...

[addsalt]

In fact, it seems so utterly stupid that I get furious every time I hear some thoughtless moron spout "Punish the hackers".

A little blame needs to come from all areas. Not every website or messageboard is run by someone with a CS degree with a minor in website security. A break-in of a government site or large corporate site is one thing, a family website another. This site is probably somewhere in between.

Saying it isn't the hackers fault that improper mehtods were used to secure a site is like saying it isn't the muggers fault that the lady's handbag was so easy to steal.

Re:This should be a lesson...

[LaskoVortex]

How about we start shooting people who can't recognize jokes. Sheesh.

Then who would mod for slashdot?

Re:This should be a lesson...

[someone1234]

So, when rats attack your cellar, you pick the most intelligent and ask for advice?
Or just kill them by anything at hand.

Re:This should be a lesson...

[adamchou]

Well, besides that, this site sounds like a community where people share UGC. This means that although they might not have it centrally backed up, they still have all the UGC out there, somewhere. I'm sure they can recover a good portion of their original content. The forums will be a bit harder to replace. But all that knowledge is in someone's head.

Re:This should be a lesson...

[Chrisq]

So, when rats attack your cellar, you pick the most intelligent and ask for advice?

Yes, he said don't worry about it and go back to posting on Slashdot.

Re:This should be a lesson...

[EvanED]

Because after all, we know that words only have one meaning, so if someone uses the word "hacker" one way, it must mean the same thing as when everyone uses the word hacker.

Re:This should be a lesson...

[unlametheweak]

Unfortunately, the main site content that was lost is the downloadable files, which aren't archived (since they're large.)

Which is what I suspected (I'm a not Flight-sim enthusiast, so am not familiar with their site, but I presumed there were probably large binaries). They may at least be able to get back a significant part of their forums and text based articles however. It's a start.

Re:This should be a lesson...

[short]

'dd if=/dev/random of=/dev/sda'

• Use /dev/urandom as /dev/random will immediately exhaust your kernel entropy pool and hangs to get more (or it is at least unusably slow). urandom is more than enough for this purpose.
• There are no reports anyone would be even able to restore data after rewriting them with simple /dev/zero. OTOH rewriting by /dev/urandom and /dev/zero costs mostly the same so why to care if /dev/zero is enough.
• cat /dev/something >/dev/sda is enough/easier on any Linux kernel, dd had to be used on some old commercial Unices nobody has seen for 30 years now.

Re:This should be a lesson...

[unlametheweak]

Because after all, we know that words only have one meaning, so if someone uses the word "hacker" one way, it must mean the same thing as when everyone uses the word hacker.

I think everybody in the Linux and MS-DOS-prompt community knows what a hacker is. However, I will supply you with a formal definition:

According to Eric S. Raymond, a confirmed higher deity and the mastermind behind the geek unification conspiracy, hackers are a group of neo-pagan, anarchist, smelly, arrogant, gun nuts and highly intelligent bastards who wish to establish an intellectual junta, which will be known as The Irate Rand-worshiping Anarchist THC-growing E-lliance, or IRATE.

- Ref: http://uncyclopedia.wikia.com/wiki/Hacker

Re:This should be a lesson...

[EvanED]

I think everybody in the Linux and MS-DOS-prompt community knows what a hacker is. However, I will supply you with a formal definition:

Why's that the definition we should be using? Are we in the Linux and MS-DOS community? Hell, even /. doesn't fall into that camp; last I heard (which was admittedly a good while ago) the majority of visitors here were using IE.

And I can also supply the definition for a hacker, from a bit more authoritative sources than uncyclopedia. One of Random House's definitions is "a microcomputer user who attempts to gain unauthorized access to proprietary computer systems." Or the American Heritage Dictionary: "One who uses programming skills to gain illegal access to a computer network or file."

Sure, both of these have the "computer enthusiast" definition preferred by ESR too, but that's my point -- words have more than one meaning. And unless you're not very familiar with English, stupid, or deliberately being obtuse, it's pretty clear which one is intended here.

And unless there's something big that Jamie Zawinski's wikipedia page leaves out, one of those applies to adolph (the poster I was responding to originally).

Re:This should be a lesson...

[QuoteMstr]

pv < /dev/zero > /dev/device is pretty nifty too.

Re:This should be a lesson...

[funkboy]

What, you mean like this guy? You probably wouldn't even have the browser you're using right now if it weren't for that particular, uh. hacker.

And ironically, JWZ has a pretty good simple guide on backups: http://www.jwz.org/doc/backups.html

Re:This should be a lesson...

[Scaba]

Why would you put that on your resume?

Re:This should be a lesson...

[wumingzi]

Unless you have overwritten the area on the physical disk that contained the data, multiple times, the data can still be recovered.

The DoD spec is written as it is for a reason. Given a drive with confidential data on it, an unauthorized person attempting to access the drive does not need to get everything back to pristine condition. Even recovering a small part of the total data set can cause incalculable damage if it's the right small part. The value of sites like Avsim are in the whole rather than the sum of the parts.

I've recovered data off of formatted HDD's, off of corrupted file systems, off of compact flash cards and other media (Really useful if you want to keep those photo's that someone thought was deleted, be aware of this people).

There's a large dependency on what you're trying to recover off of. DOS/NTFS are fairly easy to do recovers from. The first character of the filename is zilched out and the rest of the data to find the file is left intact. UNIX/Linux filesystems are a bear. Once you hit "rm", you've lost the ref to your inode. Putting Humpty Dumpty together again at that point becomes nearly impossible because the record which shows where all the pieces are is lost to you. If you have known text from the file, and a good knowledge of how the filesystem works, you should be able to backtrack. Otherwise? God help you.

There's also an issue of how the data is stored. A single-drive system is fairly straightforward. 2 drives are harder. Once you get into a SAN/NAS where data is spread over multiple drives, recovery of even a single file with known text becomes tricky. Multiple files? Unknown data? The only hope I would see at that point is to put a large segment of the Slashdot community on the problem and tell them a large trove of high-res pictures of Natalie Portman completely nekkid are stored within.

Re:This should be a lesson...

[jamesh]

Police forces do recover data from overwritten disks and even formatted hard disks.

Assuming we are talking about a disk that has been entirely written with zero's or random data, eg a deliberate attempt to render the disk unreadable - citation needed (or are you just repeating something you heard from someone who heard it from someone else?)

The 'black boxes' are designed to ensure the survival of the internal medium, so it's no surprise that the data is recoverable (don't they use analogue tape on a loop? or is that just for the voice recorder? or is my knowledge way out of data :)

When inter track spacings were wider and density in other dimensions was lower (20 years ago?) it was possible to recover data after a complete write with zero's, but not now.

While Wikipedia isn't the definitive answer on anything, it clearly states in several places that a single pass of the entire disk is enough to erase the disk with no chance of recovery.

Who really needs their services knows howe to contact them and knows that if he has to ask the price, then it's too expensive for his needs.

Sounds awfully like an urban legend. Are the illuminati involved somehow? :p

Re:This should be a lesson...

[jamesh]

There are no reports anyone would be even able to restore data after rewriting them with simple /dev/zero. OTOH rewriting by /dev/urandom and /dev/zero costs mostly the same so why to care if /dev/zero is enough.

Well, yes. And in fact due to the way data is encoded (MFM, RLL, whatever they use these days) a zero bit of data in a sector does not necessarily correspond to a physical zero bit in a magnetic sense.

And given that one of the theories about how to recover data is "subtract the 'perfect' waveform of the track from the actual waveform of the track, and the difference will be some indication of the data that was there previously", it doesn't matter if a single pass is random, all 1's, or all 0's. If you were doing multiple passes then random data would be better, but psuedorandom would probably suffice as long as it was different with each rewrite because the objective is to push the variations well under the noise floor.

cat /dev/something >/dev/sda is enough/easier on any Linux kernel, dd had to be used on some old commercial Unices nobody has seen for 30 years now.

When I was writing floppies under AIX about 10 years ago, 'dd' with a suitable block size was many times faster than 'cat'. Maybe it wouldn't have made a difference for a harddisk though.

Re:This should be a lesson...

[Ginger+Unicorn]

Surely all the people who've downloaded the downloadable content over the years can all band together and restore a large proportion of it?

Re:This should be a lesson...

[batkiwi]

Police forces do not recover data from overwritten disks.

"Formatted" (quick format, destroying partitoin table) yes. Overwritten, no.

Re:This should be a lesson...

[magarity]

Oh, we can make a good car analogy out of this: Having a backup car in case your primary car crashes is a great idea (if you can afford it). Except that instead of keeping their backup car locked in the garage, these people attached their backup car to their primary car with a tow bar and dragged it around everywhere they went. When the primary car crashed, the backup ran into it a fraction of a second later. Now they're sad that their backup car is dead too and are somehow suprised they don't have anything to drive.

Re:This should be a lesson...

[Antique+Geekmeister]

Oh, he gets my sympathies. I've had cases where I was specifically told "that is a scratch server: do not back it up, no one is supposed to keep real data on it". And when it crashed, my employers were very fortunate indeed that I'd completely ignored this and quietly been backing it up with my reserve, emergency tape drive, partly to make sure it kept working, partly to test out new backup tools, and partly because I knew staff would ignore this and use the big lump of spare storage for convenient archival space. My employer was actually angry at me for doing so, but the QA department was very, very, very grateful indeed.

The lesson is more subtle than some of us might realize, though. Never rely on a _single_ method of backup or data storage, because any factor that ruins that backup can ruin all copies of it. This is true for backup systems that use proprietary format, or a failed tape drive that's been screwing up backups for the last year (which I've seen happen with old mag-tape media). And I _love_ online backups: you can make the data accessible via NFS or CIFS or other file-sharing to people to recover the files they just accidentally deleted, without having to invest in a very, very expensive NetApp or similar file server. But oh, dear, I've also seen what happens when someone screws up the backup tools and deletes all the copies at the same time.

Re:This should be a lesson...

[Swordsman02155]

Who really needs their services knows howe to contact them and knows that if he has to ask the price, then it's too expensive for his needs.

The A-Team does data recoveries now?

Re:This should be a lesson...

[Dan541]

13 years of work lost!

Suddenly those external hard drives and safe deposit box don't look so expensive.

Re:This should be a lesson...

[neomunk]

It was in that one episode of CSI:NY...

Re:This should be a lesson...

[camperdave]

well, rocket science isn't really "rocket science". You put fuel in it, it burns, and it ejects pressure from the back.

How much fuel? What type? How toxic is it? Does it require special handling? Does it require special tanking? What are the safety procedures? Are there boil-off rates, or evaporation rates? What type of oxidizer will the fuel require? How much will it require? How big of an engine? What type of nozzle? Will it withstand the heat of the exhaust? What materials will it be built from? How do you ignite the fuel? Is the rocket strong enough to withstand the launch stresses? What happens when it breaks the sound barrier? What size of payload will that much of that type of fuel running through that engine lift? Will it reach orbit? Will it reach the size and shape of orbit needed to put that payload where we want it? Will it be able to do that in a single stage or multiple stages? Will it need multiple engines? How many? What layout? Will the upper stage engines start in a vacuum? When does the staging event occur? Where will the spent stages land? Are they expendable, or do they need to be recovered? What sort of accelerations will the payload experience? Will they be gentle enough to put humans on top of the stack? Can the engines be throttled? What sort of failure modes does this rocket experience? Is there a way of detecting an imminent failure? Will there be enough time to trigger the Launch Abort System? What sort of guidance system will there be? How will you steer the rocket? Is it even dynamically stable? What happens to that stability if an engine fails? What happens to the center of mass as the fuel is expended? Does that affect the stability?

Yeah, rocket science is real easy.

Re:This should be a lesson...

[ioshhdflwuegfh]

Parent poster says : "I'm a not Flight-sim enthusiast, so am not familiar with their site, but I presumed there were probably large binaries", to which I'd reply that the most valuable part of their site were source files and input data files. Now, as you say:

Surely all the people who've downloaded the downloadable content over the years can all band together and restore a large proportion of it?

I also thought: developers and user must have downloaded/synced great deal of source (binaries for sure :-). So why not scramble it back together? As for the web site, perhaps pages are cached somewhere on the web, as some people already pointed out.

I've visited their site about a month or so ago, and they did really impressive work, they should try to restore it.

Re:This should be a lesson...

[funkyjunkman]

There is no reason for the DoD spec other than paranoia.

Check out this article from Seagate Recovery Services

It has been suggested that an electron microscope could be used to read and interpret any patterns that were not fully overwritten by the process. Theoretically this can be done - but in practice it is little more than a myth.

If data could be recovered at the rate of 1 bit per second - this process would take 9,259 days (or over 25 years) to recover 100 MB of information. This is assuming that you could read back and interpret each bit correctly, for example on data that has never been overwritten. If you are trying to read "traces" of data that were previously written there, in the most likely scenario you may be able to correctly recover, interpret and identify 30-40 percent of the signals.

THAT DOES NOT MEAN YOU WOULD RECOVER 30-40% OF THE DATA - BUT ONLY 30-40% OF THE INDIVIDUAL BITS IN EVERY CHARACTER.

A "10101011" pattern may come back as "?010?01?" and every single character on the drive would be scrambled in a similar manner. The mathematical probability of decrypting such a puzzle into usable data is infinitesimal.

It could be claimed that data can be recovered from any drive in the world with a guaranteed success rate of 50% "at the bit level". This sounds interesting until you consider that if you overwrote the entire surface of the drive with either all "0" or all "1" and since the original drive contained nothing but patterns of binary ones and zeros - half the bits would be correct - but obviously no data could be recovered.

In conclusion, overwritten data cannot be read back or recovered by any current disk drive technology or laboratory technique.

Re:This should be a lesson...

[Verdatum]

Sheesh, so many questions. Why worry about that junk? We'll just let the flight simulation software deal with that.....oh wait...

Re:This should be a lesson...

[FooRat]

So if it was a minor natural disaster that destroyed the data, tell me which asshole do you shoot?

Sorry, but anyone who doesn't properly back up 13 years of data is a bloody idiot, and yes it is their fault, because if you are in charge of that much data, it is your job and responsibility to do proper backups. It doesn't even take a genius to think up a few scary "what if" scenarios, nor does it take more than a few seconds, and it only takes a few minutes of Googling to learn the obvious basics.

In fact, it is people like this who *purposely* tempt fate who should be held criminally negligent, especially if it's a business.

An analogy might be a hospital that decides to tempt fate by not having generators. If you go in for some complex surgery, and you die because the power cuts out and there were no backup generators, you would say it's the hospital's fault, regardless of whether the power cut was caused by natural disaster or somebody malicious ... because a hospital should anticipate such things, and, like backups, the cost of anticipating and installing generators is miniscule compared to the disasterous alternative. To throw your hands up in the air and say "oh well, sh-t just happens that we can't control for, and people who damage electricity cables should be shot" is just a third-world mentality ... there's a reason hospitals have generators. The difference between animals and evolved man, is that man is capable of anticipating his potential futures and adapting his environment to mitigate accordingly. Animals sit and wait for bad stuff to happen, and whine about how it "shouldn't have happened" when it does.

lesson is

[PhrostyMcByte]

more than one backup. always! especially if two servers are running the same software, who says they won't both fail at the same time?

Re:lesson is

[jra]

No, the *actual* lesson -- and I'm having exactly this same discussion this week in the comments at This Is True, oddly -- that *SPINNING MAGNETIC STORAGE IS NOT A "BACKUP"*.

If a processor can reach it, it's not a backup.

If the same fire can consume both the computer and the "backup", it's not a backup.

DLT or LTO magtape, and move it out of the building, folks.

I used to be even just the least little bit more generous on this, but given the prices on used DLT-4 drives, not anymore. If you're not backing up on tape at least half an inch wide, you're not backing up, and quit lying to yourself.

It sucks to be That Guy... but perhaps he'll save hundreds of other sites in his catastrophe...

It isn't a backup...

[IntentionalStance]

if it isn't verified

Three words:

[Girtych]

Off. Site. Backups. Textbook example of why you need to secure your backup data in a secure, non-networked location.

There's a special place in hell...

Reserved for people who don't do archival backups, don't secure their systems, and then try to blame their ineptitude on hackers.

Do backups.
Do security.
Do restore from your backups to test them.
Do not blame others when it's shown you failed steps 1-3.

Re:There's a special place in hell...

It's beyond me how the blame is always shifted on the victim of an attack. There's a line between equitible share of responsibility and blame, and it's nowhere as fine as you think it is.

yes we had backups

[frovingslosh]

They say they had backups, and put them on the Internet where any hacker could get to them, under the same security the originals were stored under. If that's all they cared about their data, I don't see why the Slashdot community should care any more than they did.

Re:yes we had backups

[Farmer+Tim]

Wait, we have to care? I thought we were supposed to point and laugh...

Re:yes we had backups

[BenBoy]

Absolutely, I mean, so what if those guys broke into your house and killed you and raped your mom *right in your own basement bedroom* ... y'know, you should have had better locks, and used them more consistently; y'know, if you'd really cared.

Sure, there are *much* better backup strategies; that having been said, somebody broke in and did a bunch of damage for shits and grins. They suck.

Re:yes we had backups

[maxwell+demon]

That's a really bad analogy. The backup is not there in order to prevent hackers from breaking in, the backup is there in order to prevent loss if they break in, or if data gets lost for some other reason. That is, backups are not a security measure, they are a measure to limit damage.

Re:yes we had backups

[Nimey]

That's a really bad analogy.

You must be new here.

like the backups should have been

[OttoM]

You now will be escorted off-site.

Offsite backups?

I realize that from quite a few people's perspectives, storing their backups in a separate building constitutes off site storage. I'd almost buy that strategy. Not in the same environment, network, city etc.

These guys were stupid.

The day after 9/11 I was in an elevator, and caught a snippet of conversation between 2 people that had business interests with a firm that was in the WTC. The comment I heard was 'their backups were in the other building'. Another company lost.

You can never totally plan for every contingency, but you can insure yourself. I know many developers that take hard copies of their code (meaning on removable media) home just for this reason. I have seen sys admins do the same because they didn't trust their DR stratagy.

This was avoidable. This isn't even about disaster recovery. It is about business continuity.

You can't afford not to protect your data.

Re:Offsite backups?

[4D6963]

Yep, watching that show Stephen Fry in America he interview a nuclear bunker dweller who said that after 9/11 he was contacted by several companies to put servers in bunkers as they had lost lots in the towers.

Re:Offsite backups?

[mcvos]

They should be kept on a different part of the electricity grid, preferably in a differnt postcode.

It all depends on what kind of disasters you want your data to survive. If you want it to survive nuclear war, you need off-shore backup. Preferably in a neutral country that won't get involved in the war.

If you want your data to survive a Vogon constructor fleet, use off-planet backup. Recovering it from the brain of a single surviving human (if any) is going to be costly and painful.

Re:Offsite backups?

[Kjella]

The day after 9/11 I was in an elevator, and caught a snippet of conversation between 2 people that had business interests with a firm that was in the WTC. The comment I heard was 'their backups were in the other building'. Another company lost.

If you start going down that path, you end up at what'd I'd call the company doomsday scenario. If you first try to imagine a DR situation of such magnitude that both WTC locations are destroyed, it might as well be someone blowing up the foundations in which case they'd all be dead. We sometimes go on company trips, often a fully chartered plane. If that plane had crashed and 100+ employees were lost, the company would be G-O-N-E. DR is supposed to save you from recoverable situation, if all that's left as is a smoldering crater companies like people sometimes are beyond rescue.

Sigh. Mirror != backup

[Todd+Knarr]

Repeat after me: mirroring is not a backup. Backups are physically removed from the machine and stored where they can't be altered until they're needed for a restore. If they aren't removed from the machine, well, as we've just seen that only ends in tears. Observe their pain and learn from it!

So, they had NO backups?

[MrMista_B]

'Backed up between two servers'... that's not what a backup is.

I'm... astonished at the level of incompetence here. A site with 13 years of work like this, and they didn't bother to backup anything at all?

And now they're trying to handwave it away with 'oh uh, uh really folks, seriously, were really did have backups haha, between servers olol'.

I don't think 'olol' is going to impress anyone whos work was just wiped out by their incompetence.

Re:So, they had NO backups?

[borizz]

And that's stupid. Fact of the Intertubes: Shit is going to get probed/hacked. Designing your backup policy in a way that doesn't cover malicious attackers when you're securing an internet facing website is just asking for trouble.

Re:Copying between servers is NOT backing up

[lecithin]

"I hope the same administrator will never again make the same mistake with backups."

He won't for this company, that is for sure.

Learn from Kuwait too

[AHuxley]

When invaded their identities system was lost too.
All they had was a back up copy that made it out.
After the war they could go in and find what was tampered with. ie who got a false identity.
Take your data home with you every night.

And yet another example why you need real backups

[Fallen+Kell]

As the subject says. "Online" backups and replication are simply tools to try and minimize downtime. They are NOT a backup solution. They never were and never should be touted as one, just as this example shows. The only good backup is one that occurs frequently, is verified that it worked, and is stored in a secure location such as a fire-proof safe, and even better in two different fire-proof safes in two different locations, preferably more than 100 miles apart.

These aren't hackers

[fishnuts]

Whoever did this must have willfully wanted to destroy the website and its content. Deleting data in this manner is far beyond vandalism or criminal mischief.

I hope the perps get served by a judge who recognizes just how severely malicious this was, and that enough of the people who used the site can provide the files back to the owners and the community.

Re:These aren't hackers

Plus there's no telling if the hacker knew the impact data deletion would have...

There's a difference between:
"MWUAHAHAHA, I'm destroying 13 years of work."
and
"MWUAHAHAHA, it'll be fun watching them restore from tape"

Re:the web is ephemeral

[rve]

Maybe future historians will consider this a dark age, whose intellectual production was lost.

Please don't say our treasured facebook, twitter, slashdot posts, wikipedia revision wars and v1agra spam may not be preserved for posterity.

I'm not yet convinced that information that today exists only on the internet is really meant for eternity :)

Re:Love Boat captain Gavin MacLeod dead at 79

I'm assuming he wasn't backed up, either.

Some backup stories

[IntentionalStance]

I worked for a computer bureaux in the 80's. We upgraded the operating system - very cool, the new release allowed larger files. We didn't, unfortunately, upgrade the backup utility to handle these larger files. Months go by - then there's a problem - whoops backups are useless - Luckily there's a physical audit trail so we we can pay for very large data entry exercise to get our client's data back.

A couple of years later, I am in the pub with some mates and John turns up. I ask him how he's managed to finish work and get to the pub so early. "I did a fast backup" he said. I was interested so I asked him to explain. "Oh, it's easy, get the target tapes from the rack, rub out the old date, write the new date, put them back into rack and go to the pub"

Worked for a large software shop in the 90's. I am part of a decent sized Oracle development (circa 50 devs). Ops decides that Oracles backup routines are too slow and 'optimize' them. Some weeks later - guess what - there's a problem and the backups are useless - No physical audit trail this time - the team has to redo all of there work - it was not good for the project budget, the team moral or the client

Re:Some backup stories

Months go by - then there's a problem - whoops backups are useless - Luckily there's a physical audit trail so we we can pay for very large data entry exercise to get our client's data back.

I worked for an outfit where they couldn't get authorization for a backup server. Dumb little me added up the cost of a few days idle time for the small group that used the server. Simple subtraction said, "Get the damned server." So they did.

I built the new server (OS/2) according to my manager's specs. It worked OK. I said, "You know, we'll never have a better chance to test out out disaster recovery. Let's scrape the HDs in this thing and restore it from the backup." But oh no, the smart son of a bitch I worked for decided the old server might be failing, so we had to put the new one online right away.

Nice going, asshole -- some time later (don't remember why -- this was eight years ago), we lost the new server. Get backup tapes, run restore. Bring up system -- ha, ha -- ACLs not restored by the proprietary backup software we were using. (It worked fine for file restores, just not a full system restore.)

We had to re-enter all of the user database and individual permissions by hand. Nice going, hot-shit IBM-trained systems dude manager. You're just lucky it was mainly a file server for our department, not one of the large networks managed by the real network guys in the company.

This asshole was so lame that he didn't even take advantage of the OS/2 facility which logged all the build options for later re-use, including making tweaks so you could build and modify systems quickly when you wanted to test out various build options. It was like a fucking high end European luxury car -- each machine was hand built.

There's a perfectly good set of words for...

[Chris+Tucker]

...the thieves and vandals who steal data and wreck servers.

THIEVES AND VANDALS.

Not "hackers".

What was done was not hacking. It was vandalism. Plain and simple.

Hackers create. Vandals destroy. Thieves steal.

I'm surprised that this needs to be explained to the Slashdot community.

Re:There's a perfectly good set of words for...

[Zebedeu]

It's too late. That battle is over and the word is lost.

Just like Kleenex (the company) had its trademark stolen from it by falling into common usage, so did the word "hacker" lose its original meaning.

Real men...

[hugetoon]

"Only wimps use tape backup: _real_ men just upload their important stuff
on ftp, and let the rest of the world mirror it ;)"
                                                    Linus Torvalds Jul 20 1996, 3:00 am

Re:Real men...

[advocate_one]

didn't work for me, that where I uploaded my mods and paintjobs for my flightsim aircraft... I'm now going to see if I've still got my own copies of the stuff I uploaded and put it back up.

Re:Really?

[RattFink]

Anyone who hacks a flight-sim sight has no life and really needs to get laid.

Coming from a slashdotter that is pretty rough.

Hindsight is always 20/20

[mlts]

This is a lesson every system administrator worth his or her salt learns over the long haul. You might back up dutifully, test restore, and have a well done system of ensuring backups are rotated correctly. Then you find out the tape drive you use is miscalibrated so only it can read your backup tapes, or you find the backup software you use on a daily basis is not in production, or the latest version has no support for the backlevel formats.

I have found that in a production environment, you really need multiple methods for backup if at all possible:

The first level is a dedicated backup server. This machine is locked down to the best of your abilities, and firewalled from the network, only allowing critical ports such as what the backup software uses, and perhaps ssh or RDP (if a Windows box). This machine copies everything from the other servers onto a large disk array, then to tape. The tapes are then cycled offsite via a service like Iron Mountain. Of course, the tapes are encrypted, and corporate officers get a copy of the master keys.

Why tapes? Because they can be set read only after they are dismounted, and no computer, no matter how infected can modify or delete the tape contents once this is done, outside of a reflash of the tape drive's BIOS. This is important because its not unheard of for someone to write a program that trashes backups over a time interval. Higher end tapes can be used as WORM media like DLT-ICE.

I can't emphasize enough about securing the backup server, both physically and network-wise. If this box gets compromised, all your data is available. On Windows machines, I recommend using some form of disk encryption (Bitlocker if the machine has a TPM, TrueCrypt, etc) so if the backup server or an array gets physically stolen, the data is of no use to a thief. This is in addition to the backup program's encryption.

After you have a central backup server installed, secured (security is paramount on this machine unless the backup program client can do encryption), and backups running, you focus on the other levels of backup.

The next level of backup is on the local servers. Most operating systems have a method of backing up the computer. If you can do this with a server, fire off a snapshot backup every month or so. Most OS backup methods don't have encryption, so this backup should go directly to a tape safe or secured container in the data center. Optionally, you can install backup software locally that can encrypt. I like using the backup/restore utility the OS gives for an image every quarter, then using more secure software more often, so the OS backups can be stored in a tape safe or physically secure container. This way, if the third party backup software ends up inoperable, there is still a method of getting a machine up somehow, or putting it in a virtual machine for recovery purposes.

Finally, after you have backup servers and a rotation, companies might consider offsite cloud backup services like Mozy. Mozy offers use of keyfiles so all data is stored encrypted (encrypted on the client end). Of course, making sure the encryption key is stored safely is paramount, and the cost of storing a large backup in Mozy's cloud may be prohibitive. However, if worse comes to worst and your site is completely knocked out, as well as the offsite backup site, it may be thing that keeps your business up.

Of course, scale this up or down as per your company's needs. A smaller business can get by using Mozy and a Windows Server 2008 box running Bitlocker, a network backup program with encryption such as Retrospect or Backup Exec, and using external drives every month to copy backup sets from the main ones to store offsite.

A larger business might see about a true backup fabric system sold by IBM (TSM), EMC (Networker), or Microsoft's solution.

The key is to not just have some built in redundancy so if one backup method is not usable, you have another, even if the backups are older, but to be able to do this in a manner that doesn't add too much time and equipment expense.

Re:Hindsight is always 20/20

[inKubus]

And for those who don't like to pay $10000 for backup software, there's Bacula. Couple that with an LTO-4 drive (~1000) and LTO-4 tapes (800GB uncompressed, ~60/piece) and you're set. Rsync.net is a decent, cheap online provider for those gaps when you haven't rotated tapes.

Bacula is pretty sweet because it lets you backup to disk volumes and then you can schedule a roll to tape. So you can just back everything up incrementally to a disk volume and then copy those backups to tape, and then run rsync on the disk volumes to have an offsite, online backup. When recovering, you ask to recover from whatever's available. If you keep enough disk storage around (and there's really no reason not to) you can recover to any date in the past. In the event of a disaster your tapes come into play.

Now with drives so cheap the temptation is to buy a external hard drive and use that. But tapes have a long history, guaranteed backwards compatibility (planned anyway, LTO drives have to R/W the previous generation and Read 2 generations back), last longer than moving drives, are simpler, lighter, more robust and more portable. Not that I wouldn't keep a external around to dump desktops but tape is the DR standard.

Re:Copying between servers is NOT backing up

[Khashishi]

Honestly, how many man-hours and equipment do you really want to commit to backup? Do you really think it's worthwhile to get a tape system and regularly move tapes off-site for some community mods? Anyone can envision a system that is far more secure than this, but paying for it is another thing.

If the mods were good quality and downloaded often, the community should be able to act as a backup of sorts.

Eternity

[hessian]

Only goatse is eternal. The rest is being used to seed a randomness generator somewhere.

Re:Love Boat captain Gavin MacLeod dead at 79

[JoshuaZ]

Actually, he got regular backups at the Dollhouse. I'm not sure how he'll respond to being in Eliza Dushku's body...

bullshit

[QuantumG]

Unless you have overwritten the area on the physical disk that contained the data, multiple times, the data can still be recovered.

How about once? With zeros.

    http://16systems.com/zero.php

If you can retrieve you data from a drive after it has been dd'd with /dev/zero, you might be able to win this prize.

If you happen to be in the situation described, chances are you're fucked.

Re:bullshit

[martin-boundary]

The publicity value of being the one successfully recovering that data is much higher than $500. People who say they could do it but don't because the money's not enough are full of shit.

Re:bullshit

[QuantumG]

What services? Where? What is their name? Fucking urban legend bullshit.

Of course I have an extra set of keys..

[droidsURlooking4]

I kept them in my other pocket.

Public Viewing

[jeric23]

A public viewing will be available at:

http://web.archive.org/web/20080116064652/http://www.avsim.com/

No date has been set for the funeral.

Re:Public Viewing

[Kirth]

No, its not. Login/Password required. And Lame explanations why this should be necessary:
http://web.archive.org/web/20080116064652/http://www.avsim.com/

So the content not only got lost because of a stupid backup-strategy, but because of an even dumber login-required-strategy.

Linus said it: "Only wimps use tape backup: _real_ men just upload their important stuff on ftp, and let the rest of the world mirror it ;)" And thats precisly what avsim should have done.

Lies, damn lies.

[BrokenHalo]

The admins' claim that they were backed up is nothing short of an outright lie. A dependency on rsync or any other mirroring technique alone is just plain negligent, when both servers are exposed to the world at large. As a bad analogy, it's like allowing someone to light two fuses with the same match.

The only way to do backups properly is to have a complete set, offline, in a separate location.

Sheesh. When will people learn?

Re:Lies, damn lies.

[Gerzel]

Remember kids if it isn't backed up to an off-line copy then it isn't backed up.

Re:Lies, damn lies.

[pwizard2]

A dependency on rsync or any other mirroring technique alone is just plain negligent[snip]The only way to do backups properly is to have a complete set, offline, in a separate location.

For a medium-to-large business, I wholeheartedly agree with you.

However, what would be a good policy for small business (sole proprietorships or only a few people) or individuals? Not everyone can afford properly secured offline remote backups. The best effort that the average individual can do is set up a cron job rsync to a remote server if he/she has one and then do a few local rsyncs for redundancy every few hours. (this is what I do)

Re:Lies, damn lies.

[Darinbob]

There are companies that will do this for you. You make the backups, put them in a lock box, and the company comes around once a week and and picks them up and drops off next week's lock box.

Re:Lies, damn lies.

[SanityInAnarchy]

I'm going to respectfully disagree, there.

A dedicated backup box can be much more hardened than a general-purpose webserver, as the backup box pretty much has a job of storing and retrieving files.

A solid system of incremental backups helps, too.

Yes, taking it offline is great. Do that... maybe monthly, if that.

This scenario sounds much more like someone confused "RAID" with "Backup". RAID (and other high-availability schemes) protects you from hardware failure. Backup protects you from more software failure and human error.

Re:Lies, damn lies.

[mustafap]

>but how many people actually keep off-site backups for home use?

er, I do. I have a 4GB memory stick that I sync with my back drive on my home PC and a PC at work.

Once a month I burn a DVD.

Re:Lies, damn lies.

[rtfa-troll]

And I'm going to respectfully disagree with you too.

For most small businesses cash flow is critical. If you don't have a record of who paid you in the last month then you can't invoice the rest and you are dead. Your repeat customers will spot duplicate invoices and probably just block payments until it's all sorted out. The attack that you are defending against is either a fire which destroys your office or a burglary which steals all your computers in the night, including the backup box, taking the backups just because they happen to be there.

You need off site backups on a different, non internet-connected medium no less often than once a week. That is the maximum time for which it is acceptable (we are talking about disaster recovery here; "acceptable" has a different meaning from normal) to re-invoice people who have already paid you. Even so, most such incidents destroy small businesses completely just because they don't manage to get people back working in time. This just gives you a fighting chance if you have a nice and understanding bank manager and do a little more disaster planning. It is astounding how much difference spending four hours just thinking about it can make (e.g. you know the number of the temporary office providers, you know which people in your office can work from home and you realise everybody in your company should have a mobile phone, especially the receptionist).

And finally; if you haven't tried restoring from it, it isn't a backup.

Re:Lies, damn lies.

[SausageOfDoom]

I don't think anyone would disagree that the backup machine has to be at a separate location, but you and the gp poster are saying it's somehow risky if it's internet connected. You should be fine provided:

* the backup box only runs an up-to-date SSH server with key-based access
* it's hidden behind a firewall and/or port knocking
* it connects out to the primary server to initiate the backup and pull the data (rather than the other way around)
* you make incremental backups

That way when your primary machine is compromised, all they can do is corrupt your live data, and your backups from that date.

Certainly keep weekly/monthly off-site offline backups as well, just in case, but I think it's wrong to say you can't have a reasonable expectation for the reliability of an online backup box.

After all, plenty of things can go wrong with offline backups, but there's a reasonable expectation that they will be fine.

Re:Lies, damn lies.

[trawg]

I wouldn't call it lies - I'd call it ignorance

Re:Lies, damn lies.

[magarity]

A dedicated backup box can be much more hardened
 
What you've described is only marginally better than what these people did. A second server playing backup device, even if it's "much more hardened", whatever that means, is still an extremely lousy and ineffective backup. If lightening hits your building or arson or theft, your "it's hardened"! backup server is just as toasted as the primary. Backups MUST be to removable media that's kept off site and inactive.
 
Otherwise you've done practically the same thing for data "backup" as the RAID does via disks, except with two servers.

Re:Lies, damn lies.

You only have 4GB of irreplaceable data?

Just my family photos/videos archive broke the 2TB boundary this year, and that doesn't include the 1TB of archive media from my personal projects (images, old versions of personal websites, video montages, etc).

I think having a normally off, seldom used mirror of my 3TB of data the best backup solution I can muster.

Re:Lies, damn lies.

[NoobixCube]

Off topic, the internet would be a much nicer place if all disagreements were presumed to be respectful until obviously indicated otherwise...

Re:Lies, damn lies.

[Alex+Belits]

They buy USB hard drives (at least six times the amount of data they have, split among at least three drives), rent a safety deposit box in a bank, and install rdiff-backup. Then they rotate the drives weekly -- at any point one drive is backing up their systems daily, two are stored at the bank. Complete incremental backup solution with offsite storage.

Re:Lies, damn lies.

[fuzzywig]

And if you can't restore from it then it's not backed up either. Test those backups people, test 'em!

Re:Lies, damn lies.

[somersault]

lightening hits your building or arson or theft

I thought lightening came under theft

Re:Lies, damn lies.

[sigxcpu]

If we are making a list of backup rules, I should also add that if you have not tested to see that you can actually recover from the offline copy, it is not backed up.

It is very common for the first few restore attempts to fail because of a miss-configured backup solution.

One really colossal failure I have witnessed was when several years of offline backups were found to be useless, following a server failure.
It appears that the backup agent did not have the right permission to read some of the files.
(Yes, it generated errors that should have not been ignored.)

Another really painful one I witnessed was loosing the only 10 year old tape drive, this side of the ocean, that can read the media to a fire, along with the backed up server.

The only way to know that your data is probably safe is after you have seen a successful restore, on another machine.

Re:Lies, damn lies.

[RichardJenkins]

Backups: Not hard to get right, just very easy to get wrong.

Re:Lies, damn lies.

[RichardJenkins]

If by 'dedicated backup box' you mean two offsite machines both of which are themselves in highly secure and robust sites I could be convinced that it's possible to build an effective backup strategy around them.

Our backup strategy for the office (files/databases) is to have a single, off-site 'consolidation server' which we dump transaction logs to real time (with full database dump overnight), and make incremental backups of files every hour throughout the day rsyncing the full current file overnight. Then, this machine is itself backed up using a full weekly/daily differential tape backups.

I get shivers how everyone talks about backup strategies but not restore strategies as if the data fairy will wave a wand to restore your backups when it all goes tits up. We have a regularly rehearsed backup strategy. If we're in the same office, we attempt a pull down from the remote consolidation server. If that is down, or we are in another office etc. we put a copy of the encrypted tape backups on USB drives, courier them over and restore them here.

My biggest bugbear is that the remote consolidation server is not encrypted - we have to trust the hosting partner. We could not find an acceptable method that didn't involve remote plaintext data existing.

We spend about £12k (or about half a junior IT FTE) a year on backups and there is not a single day where I do not worry and personally check that they're working correctly.

Does anyone see any holes or room for improvement? Would be very happy for suggestions to improve.

Re:Lies, damn lies.

[digitig]

It's not just accounts received that matters. At a company I used to work for we once got a letter from a supplier saying that they'd lost all accounts in a crash and could we please tell them how much we owed them. It's one thing not knowing whether an invoice has been paid: not knowing who to invoice or for how much is more serious. In that case it did turn out to be a death sentence.

Re:Lies, damn lies.

"And finally; if you haven't tried restoring from it, it isn't a backup."

That, my friend, need to be carved on a marble plate and hung over the door to every datacenter.

Re:Lies, damn lies.

You only have 4GB of irreplaceable data?

Just my family photos/videos archive broke the 2TB boundary this year, and that doesn't include the 1TB of archive media from my personal projects (images, old versions of personal websites, video montages, etc).

I think having a normally off, seldom used mirror of my 3TB of data the best backup solution I can muster.

You only have 3TB of irreplaceable data? I'm currently up to 5PB, though half of that is my pr0n collection.

Re:Lies, damn lies.

[MrAngryForNoReason]

A small business can buy two Terabyte external drives, and make a complete backup every Friday evening, alternating between the drives, take the drive home.

This is pretty much what my company does. There are only 5 full time staff so things like tape backup procedures are too expensive for our needs. We do have a lot of data though.

We have everything on a NAS running RAID 5, at the end of each day anything that has been changed that day gets written to a DVD, which goes offsite. Normally chucked into someones bag on the way out of the door, but the DVDs are only for quick file recovery so not crucial.

At the end of each week we do a complete backup of the NAS onto a 2TB external drive (which is actually 2 x 1TB drives running JBOD in an enclosure). That goes offsite, then at the end of the next week a second drive is used for the offsite. So we always have 2 copies of everything offsite max 1week or 2weeks old respectively.

Not a completely fool proof system but good enough to give me peace of mind with respect to hardware failure, theft, fire and penetration of the office network.

Re:Lies, damn lies.

[PopeRatzo]

>but how many people actually keep off-site backups for home use?

At least one. I've been doing this ever since one of my colleagues, who had been working on a book for a year and a half, had his house burgled and the thief took his computer AND his backup system AND the lockbox in which he kept backup tapes (it was a long time ago). He thought he was doing everything right.

I had to help him scan several hundred pages from several sets of loose pages and chapters from a marked-up stale manuscript, and this was back in a day when scanners and OCR weren't all that great.

I saw him suffer so badly, and was so shaken in his faith in technology (he's an English teacher, not really a technical adept) that we devised a simple system of rotating tapes (later external hard drives, now 8gig flash drives) that we used to keep for each other (he's moved away now).

If I'm working on something that I absolutely cannot lose, I'll occasionally put it on a flash drive and give it to my wife. That's my safest keeping. I don't ask her where she keeps it, but sometimes when I get it back it has a faint aroma of the Pacific Ocean.

Re:Lies, damn lies.

[PopeRatzo]

(images, old versions of personal websites, video montages, etc).

That's not an archive, pal, that's evidence.

You wanna destroy that stuff, the sooner the better.

Re:Lies, damn lies.

[icannotthinkofaname]

I'm going to respectfully agree. :)

Re:Lies, damn lies.

[Mr2cents]

Note to self: never, ever ask you about your hobbies.

Re:Lies, damn lies.

[Ephemeriis]

I'm going to respectfully disagree, there.

A dedicated backup box can be much more hardened than a general-purpose webserver, as the backup box pretty much has a job of storing and retrieving files.

A solid system of incremental backups helps, too.

Yes, taking it offline is great. Do that... maybe monthly, if that.

This scenario sounds much more like someone confused "RAID" with "Backup". RAID (and other high-availability schemes) protects you from hardware failure. Backup protects you from more software failure and human error.

Wrong.

What if your building burns down? What if some minor fire triggers the sprinklers? What if you get struck by lightning? What if an employee goes postal and takes a sledgehammer to all the electronics? What if a tree falls on the power lines and sends a giant surge through your wiring? What if someone breaks in and steals all the computers?

It isn't a backup unless it leaves the site.

Of course you could put your live backup box on the other end of some fiber in another state... That's physically off-site... But as long as it is up and running you have to worry about it as well. Hardened or not, it could get hacked. Or it could get a virus. Or some random glitch could corrupt the data on disk. Or its motherboard/HDD/CPU/whatever could die.

It isn't a backup unless it is offline.

And then there's the question of whether the thing actually works... You can have all the backups in the world, but if they're all corrupt it won't do you any good. You'll be restoring broken garbage to your replacement server.

It isn't a backup unless it has been verified.

What all of this comes down to is some kind of relatively portable media. Tapes, removable HDDs, CDs, DVDs, whatever. You want something that can leave the building on a daily basis. You want pretty much all your media to be out of the building. Bring in just what you need to run today's backup, and then take it out of the building as soon as that is done. Preferably to someplace relatively remote and safe... A safety deposit box is great. Or if someone has a safe at home. Or if you've got a branch-office or something.

Re:Lies, damn lies.

[EvilBudMan]

--Even so, most such incidents destroy small businesses completely just because they don't manage to get people back working in time.--

Been there done that. Speed is very important. All the insurance in the world will not help you if you can't get back up fast enough, but if you do you will have a crew that has a work their ass off mentality for a few years after that and then you will do well. Then every one gets lazy again and something happens to remind them.

Re:Lies, damn lies.

[hendrikboom]

Testing backups is nontrivial art, too. I once created a magnetic-tape backup of critical files, then later in the day went to the trouble of reading the tape. It read just fine. A month later, when I needed it, I tried reading it. It turns out all the blocks had been truncated, apparently because I had forgotten to specify some obscure parameter when writing the tape. Why had it read back correctly the same day? Because the OS had obligingly cached the entire tape contents on disk in case I wanted to mount it again later.

Re:the web is ephemeral

[imsabbel]

Wikipedia revision wars will be a GOLDMINE for future archeologist.

Think about just how much they reveal about a certain topic.

Re:the web is ephemeral

[Vectronic]

nonsense...

completely inaccurate guestimation, but probably only about 1% of anything carved in stone, is still decipherable or even exists, same with scrolls, otherwise we'd be littered with 2000 year old shopping lists, love letters, etc, how many notebooks (the paper kind) have you gone through during school, as journals, boredom... still have them all?

Hell, we probably only have about 1% of the stuff that was written down 100 years ago, probably only about 3% of the buildings, 0.3% of the cars, 2% of the paintings...etc...etc... most of the ancient books we have, are copies of copies of copies, and we can do that with magnitudes of efficiency now, not to mention recovery, hard drive gets erased, it's easier to get the data back than a scroll that's been erased, or a stone.

If even 0.1% of what we have on the internet right now exists in 500 years, it'll still probably be more than everything we have in stone, scrolls, and print right now...

With the various sorts of "Library of Congress" out there, if you had the chance to peruse and take/read whatever you wanted, you'd probably only find 0.5% of it interesting anyways, much like what's on the internet.

They didn't have backups

[Sycraft-fu]

They had redundancy. Another online copy of data isn't a back, it is redundancy. A backup is a separate, offline copy.

For example if you have a RAID-10, you do NOT have a backup of your data. What you've got is redundancy. In the event you have a disk failure, you don't lose data and you also don't lose system functionality. That's actually the main reason for RAID (at least RAID other than 0). You don't want your system to have downtime. If you drop a disk you can use the system while the replacement comes in, rather than being SOL.

A backup is separate. It can be another harddrive, it can be DVDs, it can be tape, whatever. It is something you use to take data from the system, and move it offline.

Now why is the offline thing so important? Well this demonstrates one reason. A bigger one would be catastrophic hardware failure. What happens if your PSU goes nuts and pumps out 120 volts on the 12v lines? That kind of thing can burn out all your hardware, and thus anything you have internally. An external backup isn't affected, of course. Then there's things like fire, or flood and so on.

However the biggest would be your own screwup. What happens if you accidentally overwrite the data with garbage? What if you then trigger a backup sync, or it happens automatically before you realize your mistake? Well you are screwed now. You backup is now of useless data.

Ideally the backup is offsite, of course, since that protects against anything that might happen to one site. As a practical matter for non critical data, like your home PC, an external harddrive in a good fire/water/security safe will do the trick. It takes a lot to destroy one of those and your data is probably safe from just about anything, including you screwing shit up.

So having multiple online systems for better availability is fine. You don't want downtime, you have more redundancy so that if a given unit fails, the operation keeps going. However it's NOT a backup, especially if they are all on the same site. You need backups in addition to redundancy.

How much redundancy and how many backups depends on the importance of the data you are storing. At home, I do an external drive in a safe with some very important files copied to the server at work. At work, we have a NetApp storage unit (which is quite redundant itself) and back that up to tape, which gets rotated out to a vault in a different building. At a higher level at work, for things like financial records, that same kind of thing happens but there's a backup system in a different city as well.

Get yourself a good backup system BEFORE you need it.

overwritten once CAN be recovered

[VeryLargeNumber]

> I'd like to see you recover something that has been overwritten once.

You can't do it at home, but professional data recovery service can. Usually you can guess the previous data by precisely measuring the magnetic levels. The old values will influence the resulting intensity. Roughly (I'm not expert!) works like this:

was -- now -- result
0 -- 1 -- 0.9
1 -- 0 -- 0.1
1 -- 1 -- 1.1
0 -- 0 -- 0

That is why you should have MULTIPLE overwrites with RANDOM data.

Re:overwritten once CAN be recovered

[crisco]

The [a href="http://16systems.com/zero.php"]Great Zero Challenge[/url] says otherwise. They're simply asking for the filename of one of the files on a drive that has been wiped once with zeros. Despite offering the challenge for over a year and actively speaking to data recovery companies, no one has taken them up on the offer.

Re:overwritten once CAN be recovered

[crisco]

Markup Fail! Great Zero Challenge

Re:overwritten once CAN be recovered

[DerekLyons]

Nobody has taken them up on the offer because they (16 Systems) are meaningless nobodies seeking to use the data recovery companies for their own PR ends.

Re:overwritten once CAN be recovered

[hoggoth]

I am a computer forensics expert. I search for deleted data for a living, and I testify in court as to what can be done.

Unfortunately you are wrong about recovering data that has been overwritten by using magnetic magic.
That is an urban legend that has been disproven. Maybe 20 years ago using low density MFM drives it was theoretically possible, but now it is not. Maybe the NSA has some tech they reversed engineered from an Area-51 UFO to do this, but I've never seen or heard of it.

Even Gutmann has recanted his 38 wipes recommendation.

Now don't mistake overwritten data for deleted data. When data is deleted it is NOT overwritten. When a hard drive is re-formatted almost nothing is over-written. When a file is overwritten with zeros or random bytes there are probably 10 more copies of that file and previous versions of that file floating around in unallocated sectors, swap space, file slack, hibernation files, etc.

But what IS overwritten is gone.

Re:overwritten once CAN be recovered

[BinaryOpty]

In addition, the reward is far below the cost of the processes needed to retrieve that data, so no one's going to bother for that reason as well.

Re:overwritten once CAN be recovered

[getuid()]

I've never seen *any* evidence or heard of *any* occasion that such a recovery, even from a only-once-zeroed drive was done.

Now the point is, one could say "of cooourse not, guys that can do this won't do it for peanuts, besides they're secres service" etc etc. But the point is: even if it's secret service and really expensive, at leas *some* news about it should have hit the public -- after all, this myth has been around for several years (a decade?) now.

I'd still even like to hear from a success story. Or even find a company that advertizes "We can (partly?) recover your zero'ed data -- it's going to cost a fortune, an arm and a leg, but we can." Haven't seen that one either yet. Not a commercial, not an offer, nothing... besides legends.

Re:overwritten once CAN be recovered

[heavygravity]

As an expert, maybe you can answer this:

Earlier this year we had a hard drive failure, and we really wanted the data back badly (money isn't important).

So, off it went to a 'professional recovery' service. A couple thousand bucks later, they were able to image some portion of the drive, and handed us the files they had recovered.

The number of files they were able to recover was pitiful. It was as if they imaged the disk and ran a simple undelete program (ext2) or something.

Is this normal? Are there any guys out there that dig a little deeper than this?

I spent 2 weeks writing my own recovery software that carved the data out of the drive image, and saved 10 times the number of files they were able to. If I can do it, why can't they? Are there any recovery experts that actually compare samples of the data to be recovered (in our case, our own format binary data files, not similar to anything else) and make an effort to carve the files out, instead of relying on whatever recoverable filesystem information is available? (yeah, without being able to rely on ext2 filesystem information, you have to make certain assumptions..)

Re:overwritten once CAN be recovered

[commodore64_love]

By that logic Santa Claus might exist - he just hasn't revealed himself yet.

For myself I prefer the scientific method, where if a thing or technique has never proved itself to exist, then it does not. Not seen == not believed. Therefore I don't believe an erased and zero'd hard drive can be recovered.

Data is NOT backed up until it is

[obarthelemy]

- tested
- offline
- off-site
- several times

anything else is "high-availability", not "backup".

Yes, but it's not cheap

[Moraelin]

Well, maybe, but it won't be cheap. I doubt that the guy running some amateur mod site is willing to fork over some thousands out of his own pocket to have someone take the drive apart and use an electron microscope or whatever on it.

Re:the web is ephemeral

[rve]

Wikipedia revision wars will be a GOLDMINE for future archeologist.

Think about just how much they reveal about a certain topic.

Such as the difference of opinion about the color variations of the carrot !

The people running the site ARE NOT IT Admins

[IvanTheNotSoBad]

So they had no real backup strategy....but what happened to them REALLY REALLY sucks. It really irks me seeing so many comments saying these "retards" had it coming to them.

Listen folks....we're talking about a couple of guys who spent their free time creating a website. They're not making any real money out of this (in fact, they all have regular day jobs).

They've been advertising for a Tech Manager (non-paid) for quite a quite so time now. They did get one recently...but it turns out the guy harvested the emails from the systems and sent out a bunch of spam. He has since been fired.Even though the avsim folks aren't saying it was him who hacked and destroyed their site, it's quite hard not to think it was him.

It's been quite a blow to the flightsim community and I have noticed a lot of IT folks are offering help.....I just haven't seen a single one on this thread.

Re:The people running the site ARE NOT IT Admins

[An+dochasac]

Mod parent up. These guys made mistakes, but well paid admins for enormous organizations make these same mistakes. (Bush's email anyone ;-) We should be more interested in informing and helping than in criticizing and 'persecuting(sic)'. When I first started in IT, I brought a hard drive back which contained important data for an Aids research clinic. I suggested that they make sure to do a backup now. I felt for them because the state of the art PC tape backup technology in 1988 was so slow, expensive and prone to eat tapes that I'd have almost suggested swapping out a 2nd MFM drive every day. A few weeks later I got a call, they'd lost their data again and this time there wasn't much I could do. Real men backup their data to slashdot. I hope you don't mind if I use this thread. beegin 665 mydailybackup.uue M27-N)W0@=&AIR!A(&=R96%T(&)A8VMU"$*27-N)W0@=&AIR!A(&=R96%T )(&)A8VMU"$* end

Re:The people running the site ARE NOT IT Admins

[pandrijeczko]

Just like you can give a smartass answer because it's not you it happened to, you'd probably be able to give a smartass answer as to why it wasn't your fault if it had been you.

I've never used the site (I don't even play flight sims) but I feel sorry for the guys because they've actually done something that is in the spirit of what the Internet should be - namely useful (at least to some people) and even better, FREE!

Yes, I'll have myself a good chuckle if Microsoft, Sony or [INSERT FACELESS CORPORATION HERE] get hacked but not these guys who are just hobbyists.

I'm a well-paid security consultant and five years ago my home server got hacked because I rather stupidly forgot to turn an FTP server off - it happens to the *BEST* of us and the only thing to do is learn from the experience. But it doesn't help when a patronisingly smug individual like you makes retarded comments.

Re:The people running the site ARE NOT IT Admins

[SmoothriderSean]

I have no idea how large flight sim files are, but from the Wayback FAQ: "Files over 10MB are not archived in this 'snap shot' of the website."

Seriously: buying a LTO drive and sending media to IronMountain is a fantastic idea, but this community sites like this aren't a business. They're, say, 10,000 devout users hitting a virtual machine or two, and the admins are _already_ dropping a couple hundred per month on the hosting. Where does the money come from? Where does the _time_ come from? Whoever should've been testing avsim's backups was probably also moderating forums, working on the site, and working a day job.

Free community sites like this are great, great part of internet, and the people who run them are pouring their own time and money into something they love. And unless you want to run a free offsite backup service, the best you can do is to warn people what can happen, show them what a reasonably solid backup strategy looks like, and hope that no dickheads trash their site.

You are correct about drive age

[Kupfernigk]

Data recovery was possible, and was not actually that hard, on older drives. The reason was the size of the bits, and the inaccuracy of the tracking servos. As a result, an overwrite would rarely be on exactly the same path as the original data. Mounting the disc in a special drive with precision tracking and more than one head meant that the overwritten data could be read by the leading head, and then used to generate a correction signal which was added (with the correct delay) to the signal coming from the trailing head which was on a different alignment and so was picking up more of the previous signal. We're talking raw signal here, not ones and zeroes.

Tedious and expensive, but several people made a good living out of doing it (one guy I knew did it as a hobby and made over UKP100K one year.) However, as bits get smaller, servos get more accurate, and tracks get denser, the modus operandi just ceases to exist any more.

Mind you, for security reasons I always dismantle old drives and bend the disks in half using a lump hammer. That, and the fact that hard drive magnets are just incredibly useful if you have a steel hulled boat and want convenient attachments for e.g. cable ties. They are powerful and very short range, and usually nickel plated. To buy a pair of equally useful magnets from hardware stores costs nearly as much as a drive.

Downhill...

[Bert64]

A few years ago, hackers would try to remain undetected in a system while they tried to infiltrate more systems, with the goal being to see how many they can get into... They wouldn't destroy data because that's a great way to get detected.
Even website defacers would move the old site to oldindex.html or similar when they performed a defacement...

Doing something so blatant and aggressive as to delete everything from a compromised server will lose you access to the system, as well as provoke the owners of it to try and hunt you down. Just what is the point?

Addition to the lesson...

[geekmux]

To any sysadmins and DBAs...

Make sure you have offsite backups

Any person in the IT community who was alive to remember the events of 9/11 should have learned a valuable IT lesson from that event.

Repeat after me. I will not store my "offsite" backups in the other tower.

Too Risky

[DJRumpy]

Why would you need to take that risk? It's standard business practice to just make a tape and ship it off site. The cost of shipping the tapes isn't worth the risk of leaving the backups on an internet connected box in my opinion.

If it's on the internet, then it is exposed.

Re:Too Risky

[DJRumpy]

I didn't say you had to ship off hourly tapes. What hat did you pull that out of? You can use a mirror for minor recovery. We're talking about DR here, not a simple restore of an hourly type data request. The entire site for these folks is gone, not some data set for a transaction 3 hours ago, but everything.

As to tapes getting lost in transit, that happens very rarely given the tracking techniques in use by folks like FedEx and UPS. Even so, you wouldn't have only a single set of tapes with all of your data on it, you would have an established rotation of data. Every company I have worked for uses this method. Some used daily, some weekly, some monthly, etc, but all shipped tapes off site at regular routines and cycled them out yearly, or every 7 years depending on the type of data and retention requirements.

Re:Too Risky

[SausageOfDoom]

Sorry, I think we might be talking at cross purposes. You said "why take the risk", and my point was that there was a reason to have an online backup box, namely that by automating it you can avoid any issues such as human holidays or disasters making the data centre inaccessible etc. It's also likely to be faster and easier to restore from an online backup, especially if you don't have little or no physical access to the machines (ie co-located or rented dedicated in a DC in another county or country).

I certainly didn't suggest that you should use online without any offline backup. Like I said, there's a reasonable expectation that online can be secured, and a reasonable expectation that offline can be relied upon, but you have nothing to lose by running both together.

Re:Too Risky

[turbidostato]

"The main fault here was that they had fail-over and called it backups."

Right.

"There is no one dogmatic way to look at backups. If you think there is, good luck finding a job in 10 years when conditions have changed."

Wrong. Conditions have not changed in the last 35 years and I don't see them changing on the foreseable future. Technical conditions and abilities will change, true, but the essence of the work that has to be achieved won't change the same a mathematical theorem doesn't change.

What a backup strategy is (short version):
* A means to recover from a failure.
It's obvious Tom Allensworth's strategy is a failure and it was obvious it was a failure from the very beginnig (it has been a hacker, but what if it were a virus or a worm, or a human failure deleting some critical files and then the deletion being replicated? Same result).

What makes a minimal backup strategy (any less than this and your "solution" is not entitled to be called "backup strategy"):
* There has to be no less than two complete data sets non connected with the systems being protected.
* There has to be no less than one complete data set off-sited from were the systems being protected "live in".
* There has to be no less than one current copy of the documentation needed to redeploy from barebones the protected systems off-sited from the facilities were the systems being protected "live in".
* At the very least two people -the backup responsible and her direct superior, have to know where the above mentioned documentation lives and they must have the ability to recover it.

Some side notes:
* The last two points are not needed on a lone star-driven system, only on company-style ones. If there's only one person which will benefit from the data (i.e.: your personal data or a single-person bussiness') is good enough if only you know how to recover the data -it can even be only anotated "on you head" and not in paper, although you still would be better if in paper: memory fails with time.
* The above point-set is not absolutly "failure-proof" and some common sense should be applied (if your system is likely to be attacked, you'd better have more datasets splitted over longer time ranges; if the backup admin and her superior tend to go together there's the risk you lose them both at a time, and so your ability to recover out of -now unknown to exist, documentation, etc.) but they are the bare minimum.
* Last but not least, backups have exactly ZERO value. Recovering from backups when need arises is the valuable part, so test your recovery procedures, once and again and again. And let it do the test your less knowledgeable/capable/valuable people: maybe when the need arises that will be all you have.

Re:Too Risky

[Kamokazi]

Obviously you've never had to back up about 8TB of data, with about 200GB of incremental changes weekly. We manufacture products with custom artwork, so we go through a lot of larger art files every week. You have any idea how much fun it would be to split up that much data across LTO-3 tapes? And then do incrementals? And then test it regularly? Our stateside IT staff that would be responsible for the backups consists of one other person aside from myself. We don't have the time to maintain a tape-based system. We do a combination of offsite, online backups...some to our facilities in the Philippines in China for both backup and operating purposes, and some to our 'local' IPSs for purely backup purposes. We do keep an additional copy our 40GB SQL database for our ERP system backed up weekly to a portable hard drive that we switch with one in our safety deposit box each week.

While tapes have been 'standard business practice' for years, the technology is lagging behind and is becoming inadequeate, especially for large businesses (you think Google, Microsoft, Amazon, etc. back everything up on tapes?), but also smaller businesses, too.